CWE-347 密码学签名的验证不恰当 类弱点 371 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-347 属于完整性校验缺失类漏洞,指软件未正确验证数据的加密签名。攻击者常通过篡改数据并伪造签名,实施中间人攻击或注入恶意载荷,从而绕过身份认证或数据完整性检查。开发者应确保对所有关键数据使用强加密算法进行签名验证,严格校验签名有效性,并在验证失败时拒绝处理,以保障数据真实性和系统安全。
File f = new File(downloadedFilePath); JarFile jf = new JarFile(f);| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2021-34709 | Cisco IOS XR 数据伪造问题漏洞 — Cisco IOS XR Software | 6.0 | Medium | 2021-09-09 |
| CVE-2021-34708 | Cisco NCS 540 数据伪造问题漏洞 — Cisco IOS XR Software | 6.0 | Medium | 2021-09-09 |
| CVE-2021-3051 | Palo Alto Cortex XSOAR 数据伪造问题漏洞 — Cortex XSOAR | 8.1 | High | 2021-09-08 |
| CVE-2021-34715 | Cisco Expressway Series和Cisco TelePresence Video Communication Server 数据伪造问题漏洞 — Cisco TelePresence Video Communication Server (VCS) Expressway | 4.7 | Medium | 2021-08-18 |
| CVE-2021-3633 | Lenovo Driver Management 代码问题漏洞 — Driver Management | 7.3 | High | 2021-08-17 |
| CVE-2021-36277 | Dell Command Update 数据伪造问题漏洞 — Alienware Command Center (AWCC) | 7.8 | High | 2021-08-09 |
| CVE-2021-22708 | Multiple Schneider Electric EVlink Charging Stations 数据伪造问题漏洞 — EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) | 7.2 | - | 2021-07-21 |
| CVE-2021-32685 | tEnvoy 数据伪造问题漏洞 — tEnvoy | 9.8 | Critical | 2021-06-16 |
| CVE-2021-29500 | bubble fireworks 数据伪造问题漏洞 — bubble-fireworks | 7.5 | High | 2021-06-04 |
| CVE-2021-22735 | Schneider Electric homeLYnk和spaceLYnk 数据伪造问题漏洞 — homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior | 7.2 | - | 2021-05-26 |
| CVE-2021-22734 | Schneider Electric spaceLYnk和homeLYnk 数据伪造问题漏洞 — homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior | 6.7 | - | 2021-05-26 |
| CVE-2021-3445 | Red Hat libdnf 数据伪造问题漏洞 — libdnf | 8.8 | - | 2021-05-19 |
| CVE-2021-3421 | Red Hat Package Manager 数据伪造问题漏洞 — rpm | 5.5 | - | 2021-05-19 |
| CVE-2021-29455 | Luke Jordan Grassroot Platform 数据伪造问题漏洞 — grassroot-platform | 7.5 | High | 2021-04-19 |
| CVE-2021-29451 | Alessio Stalla Portofino 数据伪造问题漏洞 — Portofino | 9.1 | Critical | 2021-04-16 |
| CVE-2021-21405 | Łukasz Magiera lotus 数据伪造问题漏洞 — lotus | 5.9 | Medium | 2021-04-15 |
| CVE-2021-1375 | Cisco IOS XE SD-WAN Software 数据伪造问题漏洞 — Cisco IOS XE Software | 6.7 | - | 2021-03-24 |
| CVE-2021-1376 | Cisco IOS XE 数据伪造问题漏洞 — Cisco IOS XE Software | 6.7 | - | 2021-03-24 |
| CVE-2021-1453 | Cisco Cisco Catalyst 9000 数据伪造问题漏洞 — Cisco IOS XE Software | 6.8 | Medium | 2021-03-24 |
| CVE-2021-3406 | CNCF Keylime 信任管理问题漏洞 — keylime | 8.2 | - | 2021-02-25 |
| CVE-2021-1366 | Cisco Anyconnect Secure Mobility Client 代码问题漏洞 — Cisco AnyConnect Secure Mobility Client | 7.8 | High | 2021-02-17 |
| CVE-2021-3033 | Prisma Cloud Compute 数据伪造问题漏洞 — Prisma Cloud Compute | 9.1 | Critical | 2021-02-10 |
| CVE-2021-1136 | 多款Cisco产品数据伪造问题漏洞 — Cisco IOS XR Software | 6.7 | Medium | 2021-02-04 |
| CVE-2021-1244 | 多款Cisco产品数据伪造问题漏洞 — Cisco IOS XR Software | 6.7 | Medium | 2021-02-04 |
| CVE-2021-21238 | Idpy Pysaml2 数据伪造问题漏洞 — pysaml2 | 6.5 | Medium | 2021-01-21 |
| CVE-2021-21239 | Idpy Pysaml2 数据伪造问题漏洞 — pysaml2 | 6.5 | Medium | 2021-01-21 |
| CVE-2020-26290 | Dexidp Dex 数据伪造问题漏洞 — dex | 9.3 | Critical | 2020-12-28 |
| CVE-2020-11093 | Hyperledger Indy Node 数据伪造问题漏洞 — indy-node | 7.5 | High | 2020-12-24 |
| CVE-2020-24439 | Adobe Reader 数据伪造问题漏洞 — Acrobat Reader | 2.8 | Low | 2020-11-05 |
| CVE-2020-24429 | Adobe Reader 数据伪造问题漏洞 — Acrobat Reader | 7.7 | High | 2020-11-05 |
CWE-347(密码学签名的验证不恰当) 是常见的弱点类别,本平台收录该类弱点关联的 371 条 CVE 漏洞。