
CWE-653 Insufficient Compartmentalization: Vulnerability List (35)

A summary of the 35 CVE vulnerabilities associated with the CWE-653 Insufficient Compartmentalization weakness class, with AI-generated Chinese analysis.

CWE-653 refers to vulnerabilities arising from a lack of proper isolation or partitioning: the product fails to effectively separate functionality, processes, or resources that require different privilege levels. Attackers commonly exploit this flaw by entering through a low-privilege component, crossing the boundary, and extending the damage to higher-privileged users or core resources. Developers should enforce strict access control and separation of privileges so that components have strong boundaries between them, preventing low-privilege entities from reaching high-privilege resources and thereby reducing overall security risk.

MITRE CWE Official Description
CWE: CWE-653 Improper Isolation or Compartmentalization. Description: The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism
The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.
Mitigations (1)
Architecture and Design: Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
Code Examples (2)
Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user's credentials can provide immediate access to all other resources or domains.
The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user manpages. Some UNIX flavors have a "bin" user that is the owner of system executables, but since root relies on executabl…
| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2026-40968 | Vmware Spring gRPC security vulnerability — Spring gRPC | 4.3 | Medium | 2026-04-28 |
| CVE-2026-5600 | pretix security vulnerability — pretix | 4.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-5599 | venueless security vulnerability — Venueless | 6.5 (AI) | Medium (AI) | 2026-04-05 |
| CVE-2026-34775 | Electron security vulnerability — electron | 6.8 | Medium | 2026-04-03 |
| CVE-2026-4325 | Keycloak security vulnerability — Red Hat build of Keycloak 26.2 | 5.3 | Medium | 2026-04-02 |
| CVE-2026-4282 | Keycloak security vulnerability — Red Hat build of Keycloak 26.2 | 7.4 | High | 2026-04-02 |
| CVE-2025-12805 | Llama Stack security vulnerability — Red Hat OpenShift AI 2.25 | 8.1 | High | 2026-03-26 |
| CVE-2026-0542 | ServiceNow AI Platform security vulnerability — ServiceNow AI Platform | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25905 | Pydantic security vulnerability | 5.8 | Medium | 2026-02-09 |
| CVE-2025-53710 | Palantir Foundry Container Service security vulnerability — com.palantir.compute:compute-service | 7.5 | High | 2025-12-18 |
| CVE-2025-46215 | Fortinet FortiSandbox security vulnerability — FortiSandbox | 5.0 | Medium | 2025-11-18 |
| CVE-2025-41116 | Grafana Databricks Datasource Plugin security vulnerability — Grafana Databricks Datasource Plugin | 7.5 | - | 2025-11-11 |
| CVE-2025-3717 | Grafana Snowflake Datasource Plugin security vulnerability — Grafana Snowflake Datasource Plugin | 5.3 | - | 2025-11-11 |
| CVE-2025-12695 | dspy security vulnerability | 5.9 | Medium | 2025-11-04 |
| CVE-2025-57738 | Apache Syncope security vulnerability — Apache Syncope | 7.2 (AI) | High (AI) | 2025-10-20 |
| CVE-2025-34201 | Vasion Print and Vasion Print Virtual Appliance Host security vulnerability — Print Virtual Appliance Host | 9.6 | - | 2025-09-19 |
| CVE-2025-41688 | MB connect line mbNET security vulnerability — mbNET HW1 | 7.2 | High | 2025-07-31 |
| CVE-2025-27027 | Radiflow iSAP Smart Collector security vulnerability — iSAP Smart Collector | 4.1 | Medium | 2025-07-09 |
| CVE-2025-5476 | Sony XAV-AX8500 security vulnerability — XAV-AX8500 | 8.8 (AI) | High (AI) | 2025-06-21 |
| CVE-2024-35281 | Fortinet FortiClientMAC and Fortinet FortiVoiceUCDesktop security vulnerability — FortiClientMac | 2.3 | Low | 2025-05-13 |
| CVE-2025-3086 | M-Files Server security vulnerability — M-Files Server | 7.1 (AI) | High (AI) | 2025-04-04 |
| CVE-2025-1974 | Kubernetes ingress-nginx security vulnerability — ingress-nginx | 9.8 | Critical | 2025-03-24 |
| CVE-2025-26393 | SolarWinds Service Desk security vulnerability — Service Desk | 5.4 | Medium | 2025-03-17 |
| CVE-2025-21590 | Juniper Networks Junos OS security vulnerability — Junos OS | 4.4 | Medium | 2025-03-12 |
| CVE-2025-24986 | Microsoft Azure security vulnerability — Azure promptflow-core | 6.5 | Medium | 2025-03-11 |
| CVE-2024-0137 | NVIDIA Container Toolkit security vulnerability — NVIDIA Container Toolkit | 5.5 | Medium | 2025-01-28 |
| CVE-2024-0136 | NVIDIA Container Toolkit security vulnerability — NVIDIA Container Toolkit | 7.6 | High | 2025-01-28 |
| CVE-2024-0135 | NVIDIA Container Toolkit security vulnerability — NVIDIA Container Toolkit | 7.6 | High | 2025-01-28 |
| CVE-2024-47520 | Arista NG Firewall security vulnerability — Arista Edge Threat Management | 7.6 | High | 2025-01-10 |
| CVE-2024-53855 | No Fuss Computing Centurion ERP security vulnerability — centurion_erp | 1.9 | Low | 2024-11-27 |

"(AI)" marks a CVSS score or risk level that was assessed by the platform's AI rather than taken from the official record.

CWE-653 (Insufficient Compartmentalization) is a common weakness category; this platform has indexed 35 CVE vulnerabilities associated with this weakness class.