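Summary of 389 CVE vulnerabilities in the weakness class CWE-522 (Insufficiently Protected Credentials), with AI analysis in Chinese.
CWE-522 is an insufficiently protected credentials weakness: the product transmits or stores authentication credentials using an insecure method, which leaves them open to interception or theft by unauthorized parties. Attackers typically obtain the sensitive information through man-in-the-middle attacks, network sniffing, or access to unencrypted storage media, and then impersonate legitimate users. Developers should avoid cleartext transmission, protect data in transit with encrypted protocols such as TLS, and store credentials using a strong salted hash, so that credential confidentiality and integrity are preserved.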
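```php
// Username and both password fields are read from the URL query string
$user = $_GET['user'];
$pass = $_GET['pass'];
$checkpass = $_GET['checkpass'];
// Only the two new-password fields are compared before the password is set
if ($pass == $checkpass) {
    SetUserPassword($user, $pass);
}
```

```java
...
Properties prop = new Properties();
prop.load(new FileInputStream("config.properties"));
// The database password is used exactly as stored in config.properties
String password = prop.getProperty("password");
DriverManager.getConnection(url, usr, password);
...
```

| CVE ID | Title | CVSS | Risk level | Published |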
|---|---|---|---|---|
| CVE-2025-34139 | Sitecore multiple products security vulnerability — Experience Manager (XM) | 7.5 | - | 2025-07-25 |
| CVE-2025-6227 | Mattermost security vulnerability — Mattermost | 2.2 | Low | 2025-07-18 |
| CVE-2025-34078 | NSClient++ security vulnerability — NSClient++ | 7.8 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-6081 | Konica Minolta bizhub 227 Multifunction printers security vulnerability — bizhub 227 Multifunction printers | 6.8 | Medium | 2025-07-01 |
| CVE-2024-49364 | tiny-secp256k1 security vulnerability — tiny-secp256k1 | 7.5 (AI) | High (AI) | 2025-07-01 |
| CVE-2024-51984 | Brother Industries Multiple driver installers for Windows security vulnerability — HL-L8260CDN | 6.8 | Medium | 2025-06-25 |
| CVE-2025-6526 | 70mai M300 security vulnerability — M300 | 3.1 | Low | 2025-06-23 |
| CVE-2025-30183 | CyberData 011209 Intercom security vulnerability — 011209 SIP Emergency Intercom | 7.5 | High | 2025-06-09 |
| CVE-2024-47081 | Requests security vulnerability — requests | 5.3 | Medium | 2025-06-09 |
| CVE-2025-3480 | MedDream WEB DICOM Viewer security vulnerability — WEB DICOM Viewer | 6.5 (AI) | Medium (AI) | 2025-05-22 |
| CVE-2025-3079 | Canon ImageRunner security vulnerability — imageRUNNER Series | 8.7 | High | 2025-05-19 |
| CVE-2025-3078 | Canon ImageRunner security vulnerability — imageRUNNER ADVANCE Series | 8.7 | High | 2025-05-19 |
| CVE-2025-4679 | Synology Active Backup security vulnerability — Active Backup for Microsoft 365 | 6.5 | Medium | 2025-05-16 |
| CVE-2025-2772 | BEC Routers security vulnerability — Multiple Routers | 6.5 | - | 2025-04-23 |
| CVE-2025-32963 | MinIO Operator security vulnerability — operator | 9.9 | - | 2025-04-22 |
| CVE-2025-22372 | SicommNet BASEC security vulnerability — BASEC | 6.5 (AI) | Medium (AI) | 2025-04-14 |
| CVE-2025-27192 | Adobe Commerce security vulnerability — Adobe Commerce | 2.7 | Low | 2025-04-08 |
| CVE-2025-26628 | Microsoft Azure security vulnerability — Azure Local Cluster | 7.3 | High | 2025-04-08 |
| CVE-2025-2908 | MeetMe security vulnerability — MeetMe | 7.5 | - | 2025-03-28 |
| CVE-2024-47109 | IBM Sterling File Gateway security vulnerability — Sterling File Gateway | 5.3 | Medium | 2025-03-10 |
| CVE-2025-1886 | Sage 200 Spain security vulnerability — Sage 200 Spain | 4.9 | - | 2025-03-07 |
| CVE-2024-12799 | OpenText Identity Manager Advanced Edition security vulnerability — Identity Manager Advanced Edition | 9.1 | - | 2025-03-05 |
| CVE-2024-41771 | IBM Engineering Requirements Management DOORS Next security vulnerability — Engineering Requirements Management DOORS Next | 7.5 | High | 2025-03-03 |
| CVE-2024-41770 | IBM Engineering Requirements Management DOORS Next security vulnerability — Engineering Requirements Management DOORS Next | 7.5 | High | 2025-03-03 |
| CVE-2025-0760 | Tenable Identity Exposure security vulnerability — Tenable Identity Exposure | 2.7 | Low | 2025-02-25 |
| CVE-2024-37362 | Hitachi Vantara Pentaho Data Integration & Analytics security vulnerability — Pentaho Data Integration & Analytics | 6.3 | Medium | 2025-02-19 |
| CVE-2025-0867 | SICK MEAC300 security vulnerability — SICK MEAC300 | 9.9 | Critical | 2025-02-14 |
| CVE-2025-26492 | JetBrains TeamCity security vulnerability — TeamCity | 7.7 | High | 2025-02-11 |
| CVE-2025-0477 | Rockwell Automation FactoryTalk AssetCentre security vulnerability — FactoryTalk® AssetCentre | 7.5 | - | 2025-01-30 |
| CVE-2025-0497 | Rockwell Automation FactoryTalk AssetCentre security vulnerability — FactoryTalk® AssetCentre | 6.5 | - | 2025-01-30 |
CWE-522 (Insufficiently Protected Credentials) is a common weakness category; this platform catalogs 389 CVE vulnerabilities associated with it.