CWE-922 Insecure Storage of Sensitive Information: vulnerability list (99)

A summary of 99 CVEs in the CWE-922 Insecure Storage of Sensitive Information weakness class, with AI-generated analysis in Chinese.

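CWE-922 covers improper storage of sensitive information: the product does not restrict read or write access to sensitive data by unauthorized users. An attacker who gains read access can steal confidential data directly; an attacker who gains write access can tamper with or delete data, causing business-logic errors or denial of service. Developers should apply strict access control lists, encrypted storage, and the principle of least privilege so that only authorized principals can access or modify critical data, which effectively guards against this class of risk.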

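MITRE CWE official description
CWE: CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Common consequences (2)
Confidentiality: Read Application Data, Read Files or Directories
Attackers can read sensitive information by accessing the unrestricted storage mechanism.
Integrity: Modify Application Data, Modify Files or Directories
Attackers can overwrite sensitive information by accessing the unrestricted storage mechanism.
Code examples (1)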
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-32751 | Dell PowerFlex Manager security vulnerability — PowerFlex Manager (Appliance) | 5.5 | Medium | 2026-05-22 |
| CVE-2025-32746 | Dell PowerFlex Manager security vulnerability — PowerFlex Manager (Appliance) | 4.0 | Medium | 2026-05-22 |
| CVE-2026-7257 | Zyxel WRE6505 security vulnerability — WRE6505 v2 firmware | 4.4 | Medium | 2026-05-12 |
| CVE-2026-40868 | Kyverno security vulnerability — kyverno | 8.1 | High | 2026-04-21 |
| CVE-2026-26152 | Microsoft Windows Cryptographic Services security vulnerability — Windows 10 Version 1607 | 7.0 | High | 2026-04-14 |
| CVE-2026-5666 | Code-Projects Online FIR System security vulnerability — Online FIR System | 5.3 | Medium | 2026-04-06 |
| CVE-2026-5650 | Code-Projects Online Application System for Admission security vulnerability — Online Application System for Admission | 5.3 | Medium | 2026-04-06 |
| CVE-2025-10734 | WordPress plugin ReviewX security vulnerability — ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | 5.3 | Medium | 2026-03-23 |
| CVE-2025-10464 | Birtech Senseway security vulnerability — Senseway | 6.5 | Medium | 2026-02-09 |
| CVE-2025-14376 | Rockwell Automation Verve Asset Manager security vulnerability — Verve Asset Manager | 6.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-10971 | MeetMe security vulnerability — MeetMe | 6.5 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-12539 | WordPress plugin TNC Toolbox Web Performance security vulnerability — TNC Toolbox: Web Performance | 10.0 | Critical | 2025-11-11 |
| CVE-2025-11645 | Tomofun Furbo Mobile App security vulnerability — Furbo Mobile App | 2.4 | Low | 2025-10-12 |
| CVE-2025-11644 | Tomofun Furbo 360 and Tomofun Furbo Mini security vulnerability — Furbo 360 | 2.0 | Low | 2025-10-12 |
| CVE-2025-11639 | Tomofun Furbo 360 and Tomofun Furbo Mini security vulnerability — Furbo 360 | 3.3 | Low | 2025-10-12 |
| CVE-2025-35054 | Newforma Project Center Server security vulnerability — Project Center | 5.3 | Medium | 2025-10-09 |
| CVE-2025-8699 | KioSoft Stored Value Unattended Payment Solutions security vulnerability — Stored Value Unattended Payment Solution | 8.1 | - | 2025-09-12 |
| CVE-2025-54083 | Calix GigaCenter ONT Series security vulnerability — GigaCenter ONT | 9.8 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-53507 | iND multiple products security vulnerability — HL330-DLS (for module MC7700) | 6.5 | - | 2025-08-29 |
| CVE-2025-37110 | HPE Telco Network Function Virtual Orchestrator security vulnerability — HPE Telco Network Function Virtual Orchestrator | 6.0 | Medium | 2025-07-31 |
| CVE-2025-42979 | SAP GUI for Windows security vulnerability — SAP GUI for Windows | 5.6 | Medium | 2025-07-08 |
| CVE-2025-48929 | TeleMessage security vulnerability — service | 4.0 | Medium | 2025-05-28 |
| CVE-2024-13954 | ABB multiple products security vulnerability — ASPECT-Enterprise | 6.5 | Medium | 2025-05-22 |
| CVE-2025-2440 | Schneider Electric Trio Q Licensed Data Radio security vulnerability — Trio Q Licensed Data Radio | 4.2 | Medium | 2025-04-09 |
| CVE-2025-29809 | Microsoft Windows Kerberos security vulnerability — Windows 10 Version 1507 | 7.1 | High | 2025-04-08 |
| CVE-2025-2489 | NTFS Tool security vulnerability — Ntfs tool | 5.5 | - | 2025-03-18 |
| CVE-2025-2241 | Red Hat Advanced Cluster Management and Red Hat Multicluster Engine security vulnerability | 8.2 | High | 2025-03-17 |
| CVE-2025-2157 | Red Hat Satellite security vulnerability — Satellite Server | 3.3 | Low | 2025-03-15 |
| CVE-2025-21098 | OpenHarmony security vulnerability — OpenHarmony | 5.5 | Medium | 2025-03-04 |
| CVE-2025-22492 | Eaton Foreseer Reporting Software security vulnerability — Foreseer Reporting Software (FRS) | 6.3 | Medium | 2025-02-28 |

CWE-922 (Insecure Storage of Sensitive Information) is a common weakness category; this platform lists 99 CVEs associated with it.