96 vulnerabilities classified as CWE-922 (敏感信息的不安全存储). AI Chinese analysis included.
CWE-922 represents a critical data protection weakness where applications store sensitive information without enforcing adequate access controls. This flaw typically allows attackers to exploit insufficient read permissions to steal confidential data, such as credentials or personal identifiable information, or leverage inadequate write restrictions to modify or delete records, potentially causing data corruption or denial of service. To mitigate this risk, developers must implement strict file system permissions, ensuring that only authorized processes can access sensitive files. Additionally, employing robust encryption for data at rest, utilizing secure key management practices, and regularly auditing access logs are essential strategies. By rigorously limiting both read and write operations to trusted entities, organizations can significantly reduce the attack surface and protect the integrity and confidentiality of stored information against unauthorized exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-5627 | BlueCats Reveal iOS App Insecure Storage — Reveal | 7.8 | - | 2019-05-22 |
| CVE-2019-5626 | BlueCats Reveal Android App Insecure Storage — Reveal | 7.8 | - | 2019-05-22 |
| CVE-2019-5625 | Eaton Halo Home Android App Insecure Storage — HALO Home | 7.8 | - | 2019-05-22 |
| CVE-2019-3684 | susemanager installer creates world-readable swap files — SUSE Manager | 5.9 | - | 2019-05-13 |
| CVE-2017-5249 | Wink - Smart Home Android应用程序安全漏洞 — Wink - Smart Home | 9.8 | - | 2018-02-22 |
| CVE-2017-5250 | INSTEON for Hub Android应用程序安全漏洞 — Insteon for Hub | 9.8 | - | 2018-02-22 |
Vulnerabilities classified as CWE-922 (敏感信息的不安全存储) represent 96 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.