CWE-749 Exposed Dangerous Method or Function: summary of the 127 CVE vulnerabilities in this weakness class, with AI-generated analysis in Chinese.
CWE-749 refers to the exposure of a dangerous method or function, a defect in interface access control. When an API includes dangerous functionality with no restrictions on who may invoke it, an attacker can call sensitive operations directly through that interface, with serious consequences such as privilege escalation, data leakage or system destruction. Developers should avoid exposing high-risk functionality externally; by enforcing strict authentication, fine-grained permission management and the principle of least privilege, they ensure that only authorized users can reach specific methods, which effectively mitigates this class of risk.
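The following is an added example (not code from this platform or from the CWE entry) showing one way to apply those mitigations to a database-drop operation: the only public entry point demands a caller identity, checks a role, validates the name against an allowlist of plain identifiers, and delegates to a private destructive step. `Principal`, `DatabaseAdmin`, the `db_admin` role and the allowlisted database names are hypothetical; the code assumes Java 16 or later and an already-opened JDBC `Connection`.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical caller identity: a name plus the roles granted to it.
record Principal(String name, Set<String> roles) {}

public final class DatabaseAdmin {
    // Only plain identifiers are accepted, so the name can never smuggle extra SQL
    // into the DROP DATABASE statement built below.
    private static final Pattern SAFE_IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");
    // Constructed allowlist: the only databases this service may ever drop.
    private static final Set<String> DROPPABLE = Set.of("tenant_scratch", "ci_test");
    private final Connection conn;

    public DatabaseAdmin(Connection conn) { this.conn = conn; }

    // Authorization gate: true only for callers holding the hypothetical db_admin role.
    static boolean authorized(Principal caller) {
        return caller != null && caller.roles().contains("db_admin");
    }

    // Returns the name unchanged if it is a safe identifier on the allowlist; rejects otherwise.
    static String validateDatabaseName(String databaseName) {
        if (databaseName == null || !SAFE_IDENTIFIER.matcher(databaseName).matches()) {
            throw new IllegalArgumentException("database name is not a plain identifier");
        }
        if (!DROPPABLE.contains(databaseName)) {
            throw new IllegalArgumentException("database is not eligible for removal");
        }
        return databaseName;
    }

    // The only public entry point: it checks both the caller and the argument before
    // delegating to the private destructive step.
    public void removeDatabase(Principal caller, String databaseName) throws SQLException {
        if (!authorized(caller)) {
            throw new SecurityException("caller is not permitted to drop databases");
        }
        dropDatabase(validateDatabaseName(databaseName));
    }

    // Private: unreachable from outside the class, so it cannot become an exposed API by accident.
    private void dropDatabase(String validatedName) throws SQLException {
        try (Statement stmt = conn.createStatement()) {
            stmt.execute("DROP DATABASE " + validatedName);
        }
    }
}
```

A caller without the role, or a name such as `prod; DROP DATABASE other`, is rejected before any SQL is built.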
Vulnerable: the method that drops a database is public, so any code holding a reference to the object can remove an arbitrary database.

```java
public void removeDatabase(String databaseName) {
    try {
        Statement stmt = conn.createStatement();
        // Destructive operation reachable by every caller of this class
        stmt.execute("DROP DATABASE " + databaseName);
    } catch (SQLException ex) { /* ... */ }
}
```

Fixed: the same method is made private, so it is only reachable from code inside the class.

```java
private void removeDatabase(String databaseName) {
    try {
        Statement stmt = conn.createStatement();
        stmt.execute("DROP DATABASE " + databaseName);
    } catch (SQLException ex) { /* ... */ }
}
```

Vulnerable (Android): a custom URL scheme handled in the WebView exposes user data to any page loaded in that WebView.

```java
// Android
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
    // Any page rendered in the WebView can navigate to this scheme
    if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
        if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
            // Dangerous: user data is handed back to whichever page made the request
            writeDataToView(view, UserData);
            return false;
        } else {
            return true;
        }
    }
    return false; // other URLs are loaded by the WebView as usual
}
```

Vulnerable (iOS): the same pattern, a scheme handler that calls a privileged native function on behalf of any loaded page.

```objectivec
// iOS
- (BOOL)webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType {
    NSURL *URL = [exRequest URL];
    if ([[URL scheme] isEqualToString:@"exampleScheme"]) {
        NSString *functionString = [URL resourceSpecifier];
        if ([functionString hasPrefix:@"specialFunction"]) {
            // Make data available back in webview (for whatever page issued the request).
            UIWebView *webView = [self writeDataToView:[URL query]];
        }
        return NO;
    }
    return YES;
}
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2019-10918 | Siemens SIMATIC WinCC security vulnerability — SIMATIC PCS 7 V8.0 and earlier | 8.8 | - | 2019-05-14 |
| CVE-2019-5015 | Pixar Renderman code issue vulnerability — Pixar Renderman | 7.8 | - | 2019-03-08 |
| CVE-2018-10931 | Cobbler insufficient-information vulnerability — cobbler | 9.8 | - | 2018-08-09 |
| CVE-2018-8868 | Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor and 24952 MyCareLink Monitor security vulnerability — 24950 MyCareLink Monitor | 6.2 | Medium | 2018-07-02 |
| CVE-2016-9469 | GitLab security vulnerability — GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1 | 8.2 | - | 2017-03-28 |
| CVE-2014-5415 | Beckhoff Embedded PC images and Automation Device Specification TwinCAT component security vulnerability — Embedded PC Images | 9.1 | Critical | 2016-10-05 |
| CVE-2014-0758 | ICONICS GENESIS32 ActiveX control input validation vulnerability — GENESIS32 | 7.8 | - | 2014-02-24 |
CWE-749 (Exposed Dangerous Method or Function) is a common weakness class; this platform has collected 127 CVE vulnerabilities associated with it.