
CWE-610 Externally Controlled Reference to a Resource in Another Sphere: vulnerability list for this class (46)

Summary of the 46 CVE vulnerabilities associated with the CWE-610 (Externally Controlled Reference to a Resource in Another Sphere) weakness class, with AI-generated Chinese analysis.

CWE-610 belongs to the family of external-resource-reference weaknesses: the program uses an externally controlled name or reference that resolves to a resource outside its intended control sphere. An attacker typically manipulates input so that the program accesses an unintended file, network endpoint or database, and thereby steals sensitive data or performs unauthorized operations. Developers should avoid concatenating user input directly into a resource reference, validate resource identifiers strictly against an allowlist, and ensure the program can only reach legitimate resources inside the controlled domain, which closes off this attack path.

MITRE CWE official description
CWE: CWE-610 Externally Controlled Reference to a Resource in Another Sphere. Original: The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. Translation: The product uses an externally controlled name or reference, and the resource that name or reference resolves to lies outside the intended control sphere.
Common consequences (2)
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.
An adversary could read or modify data, depending on how the resource is intended to be used.
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.
Code example (1)
The following code is a Java servlet that will receive a GET request with a url parameter in the request to redirect the browser to the address specified in the url parameter. The servlet will retrieve the url parameter value from the request and send a response to redirect the browser to the url address.

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class RedirectServlet extends HttpServlet {
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            String query = request.getQueryString();
            if (query.contains("url")) {
                String url = request.getParameter("url");
                // The externally supplied reference is passed to the redirect
                // without checking that it stays within the site's own sphere.
                response.sendRedirect(url);
            }
        }
    }

Bad · Java

    <a href="http://bank.example.com/redirect?url=http://attacker.example.net">Click here to log in</a>

Attack · HTML
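The description above recommends validating resource identifiers against an allowlist, and the servlet example shows the opposite: the `url` parameter reaches `sendRedirect` unchecked. The following Python block is an added example (not code from this page, from MITRE, or from any product listed here) that resolves a candidate redirect target and accepts it only when it stays inside the application's own sphere: a same-origin path, or an http(s) URL on an allowlisted host. The host names `bank.example.com` and `attacker.example.net` come from the CWE example; `www.bank.example.com`, the function names and the sample inputs are constructed for this example.

```python
"""Allowlist validation for an externally controlled redirect target.

Added example: the `url` parameter of the servlet above is an externally
controlled reference. Instead of redirecting to it blindly, parse it and
check that it resolves inside the application's own control sphere.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist: hosts that belong to the application's own sphere.
ALLOWED_HOSTS = frozenset({"bank.example.com", "www.bank.example.com"})
FALLBACK = "/"  # where the user goes when the requested target is rejected


def safe_redirect_target(url, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `url` if it resolves inside the allowed sphere, else `fallback`.

    Rejected: absolute URLs to other hosts, scheme-relative URLs ("//host"),
    non-http(s) schemes, userinfo tricks ("allowed-host@attacker"), and
    paths beginning with "/\\", which browsers treat like "//".
    """
    if not url:
        return fallback
    # Refuse control characters outright instead of letting the parser
    # silently strip them (recent Python versions drop tabs and newlines
    # from URLs before parsing, per bpo-43882).
    if any(ch in url for ch in "\r\n\t\x00"):
        return fallback
    url = url.strip()
    parts = urlsplit(url)

    # Case 1: relative reference, which stays on the current origin.
    if not parts.scheme and not parts.netloc:
        path = parts.path
        if path.startswith("/") and not path.startswith(("//", "/\\")):
            return urlunsplit(("", "", path, parts.query, parts.fragment))
        return fallback  # "/\\host" or a bare relative path such as "account"

    # Case 2: absolute URL; only http(s) to an allowlisted host, no userinfo.
    if parts.scheme not in ("http", "https"):
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    host = parts.hostname  # urlsplit already lower-cases it
    if host is None or host not in allowed_hosts:
        return fallback
    return url


def classify(samples):
    """Map each candidate target to the decision made for it."""
    return {s: safe_redirect_target(s) for s in samples}


if __name__ == "__main__":
    # Constructed inputs, including the attack link from the CWE example.
    for candidate, decision in classify([
        "/account/settings?tab=1",
        "https://bank.example.com/settings",
        "http://attacker.example.net",
        "//attacker.example.net/login",
        "https://bank.example.com@attacker.example.net/",
        "javascript:alert(1)",
    ]).items():
        print(f"{candidate!r:55} -> {decision!r}")
```

The check deliberately falls back to a fixed local path rather than raising, so a rejected value cannot be turned into an error page that echoes the attacker's URL; the same decision logic transfers directly to the servlet, where it would sit between `getParameter("url")` and `sendRedirect`.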
| CVE ID | Title | Affected product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-45760 | Apache Camel K security vulnerability | Apache Camel K | - | - | 2026-05-21 |
| CVE-2026-34327 | Microsoft Partner Center security vulnerability | Microsoft Partner Center | 8.2 | High | 2026-05-07 |
| CVE-2026-0522 | VertiGIS FM security vulnerability | VertiGIS FM | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-32008 | OpenClaw security vulnerability | OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2026-28722 | Acronis Cyber Protect security vulnerability | Acronis Cyber Protect 17 | 7.8 | - | 2026-03-05 |
| CVE-2026-28721 | Acronis Cyber Protect security vulnerability | Acronis Cyber Protect 17 | 7.8 | - | 2026-03-05 |
| CVE-2025-9065 | Rockwell Automation ThinManager security vulnerability | ThinManager | 9.6 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-48963 | Acronis Cyber Protect Cloud Agent security vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | - | 2025-08-28 |
| CVE-2015-10142 | Sitecore Experience Platform (XP) security vulnerability | Experience Platform (XP) | 7.5 | - | 2025-07-25 |
| CVE-2025-2875 | Schneider Electric multiple products security vulnerability | Modicon Controllers M241 / M251 | 7.5 | High | 2025-05-14 |
| CVE-2024-13177 | Netskope Client security vulnerability | Netskope Client | 7.8 (AI) | High (AI) | 2025-04-15 |
| CVE-2022-23439 | Fortinet multiple products security vulnerability | FortiTester | 4.1 | Medium | 2025-01-22 |
| CVE-2025-22144 | NamelessMC security vulnerability | Nameless | 8.1 | - | 2025-01-13 |
| CVE-2024-42168 | HCL DRYiCE MyXalytics security vulnerability | DRYiCE MyXalytics | 8.9 | High | 2025-01-11 |
| CVE-2024-52792 | LDAP Account Manager security vulnerability | lam | 6.5 | Medium | 2024-12-17 |
| CVE-2024-47773 | Discourse security vulnerability | discourse | 8.2 | High | 2024-10-08 |
| CVE-2024-45826 | Rockwell Automation ThinManager security vulnerability | ThinManager | 6.8 | Medium | 2024-09-12 |
| CVE-2024-7625 | HashiCorp Nomad security vulnerability | Nomad | 5.8 | Medium | 2024-08-14 |
| CVE-2024-6079 | Rockwell Automation Emulate3D security vulnerability | Emulate3D™ | 7.8 (AI) | High (AI) | 2024-08-13 |
| CVE-2024-28962 | Dell Update and Dell Alienware Update security vulnerability | Dell Update (DU) | 6.5 | Medium | 2024-08-06 |
| CVE-2024-29069 | snapd security vulnerability | snapd | 4.8 | Medium | 2024-07-25 |
| CVE-2024-6717 | HashiCorp Nomad and HashiCorp Nomad Enterprise security vulnerability | Nomad | 7.7 | High | 2024-07-23 |
| CVE-2024-32980 | Spin security vulnerability | spin | 9.1 | Critical | 2024-05-08 |
| CVE-2024-24818 | EspoCRM security vulnerability | espocrm | 5.9 | Medium | 2024-02-29 |
| CVE-2024-24760 | mailcow security vulnerability | mailcow-dockerized | 8.8 | High | 2024-02-02 |
| CVE-2023-4089 | WAGO security vulnerability | Compact Controller CC100 | 2.7 | Low | 2023-10-17 |
| CVE-2023-44209 | Acronis Agent security vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 | - | 2023-10-04 |
| CVE-2022-46869 | Acronis Cyber Protect link-following vulnerability | Acronis Cyber Protect Home Office | 7.8 | - | 2023-08-31 |
| CVE-2022-46868 | Acronis Cyber Protect security vulnerability | Acronis Cyber Protect Home Office | 7.8 | - | 2023-08-31 |
| CVE-2023-37855 | PHOENIX CONTACT WP 6xxx series web panels security vulnerability | WP 6070-WVPS | 4.3 | Medium | 2023-08-09 |

(AI): the value carries the page's "AI" tag. "-": no value given on the page.

CWE-610 (Externally Controlled Reference to a Resource in Another Sphere) is a common weakness class; this platform has collected the 46 CVE vulnerabilities associated with it.