CWE-497 (Exposure of System Data to an Unauthorized Control Sphere) weakness class: summary of 296 CVE vulnerabilities, with AI-generated Chinese analysis.
CWE-497 is a sensitive-information-disclosure weakness: the product fails to prevent unauthorized parties from learning details about the underlying system. Attackers commonly harvest such details from error responses or debug output exposed over the network (operating system version, database configuration, file-system paths) and use them to guide follow-on attacks. Developers should strictly limit what error messages reveal, return only the data the business function requires, and apply the principle of least privilege so that sensitive system details are never exposed to untrusted external entities.
The two illustrative snippets below are the CWE-497 reference examples. In the first, the failure message echoes the full PATH to the error stream, so whoever can read that output learns the directory layout of the host (the original called sprintf with stderr as the destination, which is a typo for fprintf; the PATH disclosure is the intended weakness):

```c
#include <stdio.h>
#include <stdlib.h>

void report_missing_exe(void)
{
    char *path = getenv("PATH");
    /* ... search each PATH entry for the executable (elided in the original) ... */
    fprintf(stderr, "cannot find exe on path %s\n", path);  /* leaks the full PATH */
}
```

In the second, a process listing for the current user is handed straight to the caller, exposing process names and arguments that the client has no business seeing:

```php
<?php
// assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)
$userName = getCurrentUser();
$command = 'ps aux | grep ' . $userName;
system($command); // output of the process listing goes directly to the client
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2024-22125 | SAP GUI security vulnerability — Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | 7.4 | High | 2024-01-09 |
| CVE-2024-22124 | SAP Web Dispatcher security vulnerability — SAP NetWeaver (Internet Communication Manager) | 4.1 | Medium | 2024-01-09 |
| CVE-2023-41366 | SAP NetWeaver Application Server security vulnerability — SAP NetWeaver Application Server ABAP and ABAP Platform | 5.3 | Medium | 2023-11-14 |
| CVE-2023-34209 | EasyUse MailHunter Ultimate security vulnerability — MailHunter Ultimate | 5.0 | Medium | 2023-10-17 |
| CVE-2023-4237 | Red Hat Ansible Automation security vulnerability — Red Hat Ansible Automation Platform 2.4 for RHEL 8 | 7.3 | High | 2023-10-04 |
| CVE-2023-20111 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 6.5 | Medium | 2023-08-16 |
| CVE-2023-37487 | SAP Business One information disclosure vulnerability — SAP Business One (Service Layer) | 5.3 | Medium | 2023-08-08 |
| CVE-2023-0342 | MongoDB Ops Manager security vulnerability — MongoDB Ops Manager | 3.1 | Low | 2023-06-09 |
| CVE-2023-2541 | KNIME Business Hub security vulnerability — KNIME Business Hub | 5.3 | Medium | 2023-06-07 |
| CVE-2023-32550 | Canonical Landscape security vulnerability — Landscape | 9.3 | Critical | 2023-06-06 |
| CVE-2023-0005 | Palo Alto Networks PAN-OS security vulnerability — PAN-OS | 4.1 | Medium | 2023-04-12 |
| CVE-2022-34458 | Multiple Dell products security vulnerability — Dell Command Update (DCU) | 6.6 | Medium | 2023-02-01 |
| CVE-2022-38710 | IBM Robotic Process Automation security vulnerability — Robotic Process Automation | 5.3 | - | 2022-11-03 |
| CVE-2022-2403 | Red Hat OpenShift Container Platform information disclosure vulnerability — Openshift | 6.5 | - | 2022-09-01 |
| CVE-2022-1902 | Red Hat stackrox security vulnerability — Red Hat Advanced Cluster Security for Kubernetes | 8.8 | - | 2022-09-01 |
| CVE-2022-20664 | Multiple Cisco products information disclosure vulnerability — Cisco Email Security Appliance (ESA) | 7.7 | High | 2022-06-15 |
| CVE-2022-20734 | Cisco SD-WAN vManage Software information disclosure vulnerability — Cisco SD-WAN vManage | 4.4 | Medium | 2022-05-04 |
| CVE-2022-28651 | JetBrains IntelliJ IDEA security vulnerability — IntelliJ IDEA | 8.4 | High | 2022-04-05 |
| CVE-2021-0291 | Juniper Networks Junos OS information disclosure vulnerability — Junos OS | 6.5 | Medium | 2021-07-15 |
| CVE-2021-1544 | Cisco Webex Meetings client software logging mechanism information disclosure vulnerability — Cisco Webex Meetings | 5.5 | Medium | 2021-06-04 |
| CVE-2021-23135 | Argo information disclosure vulnerability — Argo CD | 5.9 | Medium | 2021-05-12 |
| CVE-2021-1535 | Cisco SD-WAN vManage security vulnerability — Cisco SD-WAN vManage | 5.3 | Medium | 2021-05-06 |
| CVE-2021-1235 | Cisco SD-WAN vManage Software security vulnerability — Cisco SD-WAN vManage | 5.5 | - | 2021-01-20 |
| CVE-2020-25179 | General Electric Healthcare Imaging and Ultrasound information disclosure vulnerability — GE Healthcare Imaging and Ultrasound Products | 9.8 | - | 2020-12-14 |
| CVE-2020-26076 | Cisco IoT Field Network Director information disclosure vulnerability — Cisco IoT Field Network Director (IoT-FND) | 7.5 | - | 2020-11-18 |
| CVE-2019-10243 | Eclipse Kura information disclosure vulnerability — Eclipse Kura | 5.3 | - | 2019-04-09 |
CWE-497 (Exposure of System Data to an Unauthorized Control Sphere) is a common weakness category; this platform indexes 296 CVE vulnerabilities associated with it.