CWE-477 (Use of Obsolete Function) — Vulnerability Class 15

15 vulnerabilities classified as CWE-477 (Use of Obsolete Function). AI Chinese analysis included.

CWE-477 represents a maintenance-related weakness where software relies on deprecated or obsolete functions, signaling that the codebase has likely fallen out of active review. This vulnerability is typically exploited indirectly; attackers leverage the inherent security flaws or lack of modern protections within these outdated functions to bypass current security controls, often resulting in buffer overflows or privilege escalation. Developers avoid this weakness by regularly auditing code against current language standards and actively refactoring legacy components to utilize secure, modern alternatives. By integrating automated static analysis tools into the development pipeline, teams can detect obsolete function calls early, ensuring that the application remains aligned with evolving security conventions and effectively mitigates risks associated with aging, unsupported code practices.

MITRE CWE Description
The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. As programming languages evolve, functions occasionally become obsolete due to:
- Advances in the language
- Improved understanding of how operations should be performed effectively and securely
- Changes in the conventions that govern certain operations
Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.
Common Consequences (1)
Other: Quality Degradation
Mitigations (2)
Implementation: Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.
Requirements: Consider seriously the security implications of using an obsolete function. Consider using alternate functions.
Examples (2)
The following code uses the deprecated function getpw() to verify that a plaintext password matches a user's encrypted password. If the password is valid, the function sets result to 1; otherwise it is set to 0.
...
getpw(uid, pwdline);
for (i=0; i<3; i++){
    cryptpw=strtok(pwdline, ":");
    pwdline=0;
}
result = strcmp(crypt(plainpw,cryptpw), cryptpw) == 0;
...
Bad · C
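An added example, not part of the original page or of MITRE's entry: a small Python scanner that flags calls to obsolete C library functions such as the getpw() call above, while ignoring comments, string literals, member calls and longer identifiers. The replacement table and the SAMPLE input are constructed for illustration.

```python
import re

# Illustrative table (an assumption of this example): obsolete libc call -> successor.
DEPRECATED = {
    "getpw": "getpwuid_r() with a caller-sized buffer",
    "gets": "fgets() with an explicit length",
    "mktemp": "mkstemp()",
}

# Comments and literals are blanked so that mentions inside them are not flagged.
_NOISE = re.compile(
    r"//[^\n]*|/\*.*?\*/"        # line and block comments
    r'|"(?:\\.|[^"\\\n])*"'      # string literals
    r"|'(?:\\.|[^'\\\n])*'",     # character literals
    re.DOTALL,
)
# A listed name followed by "(", not inside a longer identifier or a member access.
_CALL = re.compile(
    r"(?<![\w.])(?<!->)\b(%s)\s*\(" % "|".join(map(re.escape, DEPRECATED))
)

# Constructed sample input: line 2 is the call from the page's C snippet.
SAMPLE = '''\
/* legacy path: getpw(uid, buf) was used here */
getpw(uid, pwdline);
puts("do not call gets() on input");
my_gets(line); in->gets(line);
// gets(line);
gets(line);
'''


def _blank(match):
    # Replace everything except newlines so line numbers stay aligned.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_deprecated_calls(source):
    """Return (line, function, suggested replacement) for each flagged call."""
    cleaned = _NOISE.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), DEPRECATED[m.group(1)]))
    return findings


if __name__ == "__main__":
    for line, name, fix in find_deprecated_calls(SAMPLE):
        print(f"line {line}: {name}() is obsolete; use {fix}")
```

A pattern-based check like this also flags prototypes and locally defined functions that reuse a listed name, so findings still need review.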
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a null pointer exception when it attempts to call the "Trim()" method.
String cmd = null;
...
cmd = Environment.GetEnvironmentVariable("cmd");
cmd = cmd.Trim();
Bad · Java
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-49217 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49216 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49214 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 8.8 | High | 2025-06-17 |
| CVE-2025-49213 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49212 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49220 | Trend Micro Apex Central security vulnerability — Trend Micro Apex Central | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49219 | Trend Micro Apex Central security vulnerability — Trend Micro Apex Central | 9.8 | Critical | 2025-06-17 |
| CVE-2023-28829 | Siemens SIMATIC PCS 7 security vulnerability — SIMATIC NET PC Software V14 | 3.9 | Low | 2023-06-13 |
| CVE-2023-23451 | Access control error vulnerability in multiple SICK products — SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4 | 9.8 | - | 2023-04-19 |
| CVE-2022-1384 | Authorized users are allowed to install old plugin versions from the Marketplace — Mattermost | 4.7 | Medium | 2022-04-19 |
| CVE-2020-6978 | Honeywell WIN-PAK security vulnerability — Honeywell WIN-PAK 4.7.2, Web and prior versions | 7.2 | - | 2020-03-24 |
| CVE-2019-18251 | Omron CX-Supervisor Teamviewer security vulnerability — Omron CX-Supervisor | 8.8 | - | 2019-11-25 |
| CVE-2019-10988 | Philips HDI 4000 Ultrasound Systems information disclosure vulnerability — Philips HDI 4000 Ultrasound Systems | 3.4 | - | 2019-09-04 |
| CVE-2019-10968 | Philips Holter 2010 Plus access control error vulnerability — Philips Holter 2010 Plus | 6.0 | - | 2019-07-24 |
| CVE-2018-17890 | NUUO CMS security vulnerability — NUUO CMS | 9.8 | - | 2018-10-12 |

Vulnerabilities classified as CWE-477 (Use of Obsolete Function) represent 15 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.