CWE-697 Incorrect Comparison: summary of the 47 CVEs in this weakness class, with AI-generated analysis (in Chinese).
CWE-697 is a logic-error weakness: the product compares two entities incorrectly in a security-relevant context. Attackers typically exploit it by crafting input that slips past an authentication or authorization check and gains unauthorized access, for example a prefix or an empty string that "matches" a secret because only an attacker-chosen number of bytes is compared. To avoid it, developers should make sure the comparison covers every factor the decision depends on, confirm that the compared objects are of the same type, and base security decisions on well-audited standard library routines rather than ad hoc checks.
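As an added example (not code from this page's source or from any of the projects listed below), the following C program puts the attacker-controlled-length check that CWE-697's demonstrative example is built on next to a hardened comparison, and runs both against the same probe inputs. The credentials, the probe inputs, and the names auth_vulnerable, auth_hardened and ct_str_equal are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_FAIL    0
#define AUTH_SUCCESS 1

/* Constructed credentials for this offline example (hard-coding them is
 * itself CWE-259; it is ignored here, as in the CWE-697 example). */
static const char *STORED_USER = "admin";
static const char *STORED_PASS = "password";

/* Vulnerable: the number of bytes compared is strlen() of the *input*,
 * so the attacker decides how much of the secret has to match.  An empty
 * string compares zero bytes and a one-character prefix compares one. */
int auth_vulnerable(const char *in_user, const char *in_pass)
{
    if (strncmp(STORED_USER, in_user, strlen(in_user)) != 0)
        return AUTH_FAIL;
    if (strncmp(STORED_PASS, in_pass, strlen(in_pass)) != 0)
        return AUTH_FAIL;
    return AUTH_SUCCESS;
}

/* Hardened equality for secrets.  The loop length is fixed by the stored
 * value, every byte is visited regardless of where a mismatch occurs, and a
 * length difference is folded into the result instead of short-circuiting.
 * Only the input's length (not its content) influences control flow. */
static int ct_str_equal(const char *stored, const char *input)
{
    size_t stored_len = strlen(stored);
    size_t input_len  = strlen(input);
    uint8_t diff = (stored_len != input_len) ? 1 : 0;

    for (size_t i = 0; i < stored_len; i++) {
        /* Stay inside the input buffer; beyond its end substitute 0, which
         * still differs from any non-NUL stored byte. */
        uint8_t c = (i < input_len) ? (uint8_t)input[i] : 0;
        diff |= (uint8_t)stored[i] ^ c;
    }
    return diff == 0;
}

/* Hardened: both comparisons run unconditionally and over the full length,
 * so neither a prefix nor an empty string passes, and a bad username costs
 * the same time as a bad password. */
int auth_hardened(const char *in_user, const char *in_pass)
{
    int user_ok = ct_str_equal(STORED_USER, in_user);
    int pass_ok = ct_str_equal(STORED_PASS, in_pass);
    return (user_ok & pass_ok) ? AUTH_SUCCESS : AUTH_FAIL;
}

int main(void)
{
    /* Constructed attacker inputs: empty strings and one-byte prefixes. */
    const char *probes[][2] = { {"", ""}, {"a", "p"}, {"admin", "password"} };
    for (size_t i = 0; i < 3; i++) {
        printf("user=%-6s pass=%-9s vulnerable=%d hardened=%d\n",
               probes[i][0], probes[i][1],
               auth_vulnerable(probes[i][0], probes[i][1]),
               auth_hardened(probes[i][0], probes[i][1]));
    }
    return 0;
}
```

The vulnerable function accepts the empty pair and the "a"/"p" pair; the hardened one accepts only the exact credentials. The same principle, compare everything the decision depends on, is what the Truck.equals() example on this page violates when it ignores the year field.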
CWE-697 demonstrative example 1 (Java): equals() ignores the year field, so two trucks that differ only in year compare as equal. The getters are supplied here so the class compiles; they are not part of the CWE listing.

```java
public class Truck {
    private String make;
    private String model;
    private int year;

    public String getMake() { return make; }
    public String getModel() { return model; }
    public int getYear() { return year; }

    // Incorrect comparison: year is part of the object's state but is
    // never compared, so two trucks that differ only in year are "equal".
    public boolean equals(Object o) {
        if (o == null) return false;
        if (o == this) return true;
        if (!(o instanceof Truck)) return false;
        Truck t = (Truck) o;
        return (this.make.equals(t.getMake()) && this.model.equals(t.getModel()));
    }
}
```

CWE-697 demonstrative example 2 (C): both strncmp() calls compare only strlen() of the caller-supplied string, so an empty string or any prefix of the stored value passes. The defines, logEvent() and the minimal main() are supplied here so the file compiles; the listing's original main() was truncated on this page.

```c
/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system
 * for authentication) for this example. */
#include <stdio.h>
#include <string.h>

#define AUTH_FAIL    0
#define AUTH_SUCCESS 1

static void logEvent(const char *msg) { fprintf(stderr, "%s\n", msg); }

char *username = "admin";
char *pass = "password";

int AuthenticateUser(char *inUser, char *inPass) {
    /* Compares only strlen(inUser) bytes, so the caller controls how much of
     * the stored username must match: "a" or "" passes this check. */
    if (strncmp(username, inUser, strlen(inUser))) {
        logEvent("Auth failure of username using strlen of inUser");
        return(AUTH_FAIL);
    }
    /* Same flaw for the password: a prefix, or an empty string, succeeds. */
    if (! strncmp(pass, inPass, strlen(inPass))) {
        logEvent("Auth success of password using strlen of inUser");
        return(AUTH_SUCCESS);
    }
    else {
        logEvent("Auth fail of password using sizeof");
        return(AUTH_FAIL);
    }
}

/* Minimal driver substituted for the truncated original main(). */
int main (int argc, char **argv) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s <username> <password>\n", argv[0]);
        return 1;
    }
    return AuthenticateUser(argv[1], argv[2]) == AUTH_SUCCESS ? 0 : 1;
}
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-35040 | fast-jwt security vulnerability — fast-jwt | 5.3 | Medium | 2026-04-09 |
| CVE-2026-34574 | Parse Server security vulnerability — parse-server | 7.1 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34210 | mppx security vulnerability — mppx | 7.5 | - | 2026-03-31 |
| CVE-2026-32322 | rs-soroban-sdk security vulnerability — rs-soroban-sdk | 5.3 | Medium | 2026-03-12 |
| CVE-2025-20343 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 8.6 | High | 2025-11-05 |
| CVE-2025-12192 | WordPress plugin The Events Calendar security vulnerability — The Events Calendar | 5.3 | Medium | 2025-11-05 |
| CVE-2025-47416 | CRESTRON TOUCHSCREENS x70 security vulnerability — TOUCHSCREEN x70 | 9.8 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-9401 | UTCMS security vulnerability — UTCMS | 3.7 | Low | 2025-08-25 |
| CVE-2025-48952 | NetAlertX security vulnerability — NetAlertX | 9.4 | Critical | 2025-07-04 |
| CVE-2025-3102 | WordPress plugin SureTriggers security vulnerability — OttoKit: All-in-One Automation Platform | 8.1 | High | 2025-04-10 |
| CVE-2024-53861 | pyjwt security vulnerability — pyjwt | 2.2 | Low | 2024-11-29 |
| CVE-2024-39534 | Juniper Networks Junos OS Evolved security vulnerability — Junos OS Evolved | 5.4 | Medium | 2024-10-11 |
| CVE-2024-41958 | mailcow security vulnerability — mailcow-dockerized | 6.6 | Medium | 2024-08-05 |
| CVE-2024-24621 | Webuzo security vulnerability — Webuzo | 9.8 | Critical | 2024-07-25 |
| CVE-2015-10129 | moonmoon security vulnerability — planet-freo | 3.7 | Low | 2024-02-04 |
| CVE-2023-23766 | GitHub Enterprise Server security vulnerability — Enterprise Server | 4.5 | Medium | 2023-09-22 |
| CVE-2023-23845 | SolarWinds Platform security vulnerability — SolarWinds Platform | 6.8 | Medium | 2023-09-13 |
| CVE-2023-23840 | SolarWinds Platform security vulnerability — SolarWinds Platform | 6.8 | Medium | 2023-09-13 |
| CVE-2023-23765 | GitHub Enterprise Server security vulnerability — Enterprise Server | 4.8 | Medium | 2023-08-30 |
| CVE-2023-23764 | GitHub Enterprise Server security vulnerability — Enterprise Server | 4.8 | Medium | 2023-07-27 |
| CVE-2023-23843 | SolarWinds Platform security vulnerability — SolarWinds Platform | 7.2 | High | 2023-07-26 |
| CVE-2023-33225 | SolarWinds Platform security vulnerability — SolarWinds Platform | 7.2 | High | 2023-07-26 |
| CVE-2023-22435 | Honeywell Products buffer error vulnerability — Experion Server | 7.5 | High | 2023-07-13 |
| CVE-2023-28936 | Apache OpenMeetings security vulnerability — Apache OpenMeetings | 7.5 | - | 2023-05-12 |
| CVE-2023-23762 | GitHub Enterprise Server security vulnerability — Enterprise Server | 6.5 | Medium | 2023-04-07 |
| CVE-2022-43621 | D-Link DIR-1935 security vulnerability — DIR-1935 | 8.8 | - | 2023-03-29 |
| CVE-2023-25666 | Google TensorFlow security vulnerability — tensorflow | 7.5 | High | 2023-03-24 |
| CVE-2023-25669 | Google TensorFlow security vulnerability — tensorflow | 7.5 | High | 2023-03-24 |
| CVE-2023-25673 | Google TensorFlow security vulnerability — tensorflow | 7.5 | High | 2023-03-24 |
| CVE-2023-25675 | Google TensorFlow security vulnerability — tensorflow | 7.5 | High | 2023-03-24 |
CWE-697 (Incorrect Comparison) is a common weakness class; this platform has collected 47 CVEs associated with it.