
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints: Vulnerability List (45)

Summary of the 45 CVEs associated with the CWE-923 weakness class (Improper Restriction of Communication Channel to Intended Endpoints), with AI-generated analysis (originally in Chinese).

CWE-923 is a failure to verify the endpoint of a communication channel. By forging or spoofing the intended endpoint, an attacker makes the product believe it is talking to a legitimate party, bypasses the access control that was tied to that party, and inherits its level of access. The weakness typically appears where privileged operations or protected resources are exchanged over the channel. Developers should authenticate the peer with a strong mechanism, such as digital certificates, mutual TLS, or a signed challenge-response protocol, so that both ends of the channel are verified and man-in-the-middle or endpoint-impersonation attacks fail rather than succeed silently.
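The mitigation the paragraph recommends, a signed protocol that binds a privileged operation to a proven endpoint identity, as an added Python example. It is not code from MITRE or from any product on this page; the peer name "admin-console", the out-of-band shared 256-bit key, the remove-user operation and the message encoding are all hypothetical. The unverified service is placed beside the verified one so the spoofing and replay outcomes can be compared directly:

```python
"""Endpoint authentication with a keyed challenge-response (added example).

Written for this page; not code from MITRE or from any listed product.
Hypothetical assumptions: the legitimate endpoint "admin-console" and the
service already share a 256-bit key distributed out of band, and the only
privileged operation is removing a user.
"""
import hashlib
import hmac
import secrets


def _tag(key: bytes, peer_id: str, nonce: bytes, user_id: int) -> bytes:
    """HMAC over a length-delimited encoding of operation, claimed endpoint
    identity, fresh nonce and argument, so fields cannot slide into each other."""
    fields = [b"remove-user", peer_id.encode("utf-8"), nonce, str(user_id).encode("ascii")]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class UnverifiedService:
    """Vulnerable (CWE-923): trusts whatever endpoint identity the caller
    claims, like a receiver that acts on any intent it is handed."""

    def __init__(self) -> None:
        self.removed: list[int] = []

    def remove_user(self, peer_id: str, user_id: int) -> bool:
        if peer_id == "admin-console":  # identity is asserted, never proven
            self.removed.append(user_id)
            return True
        return False


class VerifiedService:
    """Hardened: the peer must prove possession of the shared key over a nonce
    this service issued, and every nonce is accepted at most once."""

    def __init__(self, shared_key: bytes, expected_peer: str) -> None:
        self._key = shared_key
        self._expected_peer = expected_peer
        self._outstanding: dict[bytes, str] = {}  # issued nonce -> peer it was issued to
        self.removed: list[int] = []

    def challenge(self, peer_id: str) -> bytes:
        nonce = secrets.token_bytes(32)
        self._outstanding[peer_id and nonce] = peer_id
        return nonce

    def remove_user(self, peer_id: str, nonce: bytes, user_id: int, tag: bytes) -> bool:
        # pop() consumes the nonce on first use, which defeats replay.
        if self._outstanding.pop(nonce, None) != peer_id:
            return False
        if peer_id != self._expected_peer:
            return False
        expected = _tag(self._key, peer_id, nonce, user_id)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False
        self.removed.append(user_id)
        return True


def run_demo() -> dict[str, bool]:
    """Legitimate request, spoofed request against both services, and a replay."""
    key = secrets.token_bytes(32)
    attacker_key = secrets.token_bytes(32)  # the spoofer never obtains the real key

    weak = UnverifiedService()
    strong = VerifiedService(key, "admin-console")

    nonce = strong.challenge("admin-console")
    tag = _tag(key, "admin-console", nonce, 42)
    legit = strong.remove_user("admin-console", nonce, 42, tag)

    spoof_weak = weak.remove_user("admin-console", 7)
    n2 = strong.challenge("admin-console")
    spoof_strong = strong.remove_user("admin-console", n2, 7, _tag(attacker_key, "admin-console", n2, 7))

    replay = strong.remove_user("admin-console", nonce, 42, tag)  # captured message resent

    return {
        "legit_accepted": legit,
        "spoof_accepted_by_unverified": spoof_weak,
        "spoof_accepted_by_verified": spoof_strong,
        "replay_accepted": replay,
    }


if __name__ == "__main__":
    print(run_demo())
```

The nonce is bound to the peer it was issued to and the tag covers the operation name and argument as well as the identity, so a captured tag cannot be re-used for a different user, a different peer, or a second time. With mutual TLS the same property comes from certificate verification on both sides; the point the code makes is that the identity must be proven by something only the intended endpoint holds, not merely asserted.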

MITRE CWE official description
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints. The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint. While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness.
Common Consequences (1)
Scope: Integrity, Confidentiality · Impact: Gain Privileges or Assume Identity
If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.
Code Examples (2)
These cross-domain policy files are meant to allow Flash and Silverlight applications hosted on other domains to access the site's data:

    <cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
        <!-- Trusts every present and future host under example.com -->
        <allow-access-from domain="*.example.com"/>
        <!-- Trusts every origin on the Internet -->
        <allow-access-from domain="*"/>
    </cross-domain-policy>

Bad · XML (crossdomain.xml)

    <?xml version="1.0" encoding="utf-8"?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <!-- Any origin that sends a SOAPAction header ... -->
          <allow-from http-request-headers="SOAPAction">
            <domain uri="*"/>
          </allow-from>
          <!-- ... is granted every path on the site -->
          <grant-to>
            <resource path="/" include-subpaths="true"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>

Bad · XML (clientaccesspolicy.xml)

Both entries are far too permissive: any Flash or Silverlight application, hosted on any other web site, can send requests on behalf of a user who is tricked into running it.
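An audit routine for the two policy formats shown above, as an added Python example (not part of the CWE entry or of any product on this page). The two "bad" policies are the ones from the page embedded as strings; the hardened Silverlight policy and the finding codes (ANY-ORIGIN, SUBDOMAIN-WILDCARD, INSECURE-TRANSPORT, HEADER-ANY-ORIGIN, META-POLICY-ALL, WHOLE-SITE) are this script's own naming. It goes slightly beyond the page's two files by also checking the `secure`, `allow-http-request-headers-from` and `site-control` settings of crossdomain.xml:

```python
"""Audit Flash crossdomain.xml and Silverlight clientaccesspolicy.xml files for
over-permissive endpoint grants (added example for this page, not CWE or
vendor code). Finding codes and the hardened sample are this script's own."""
import xml.etree.ElementTree as ET

# The two "Bad" policies from the page.
CROSSDOMAIN_BAD = """<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
  <allow-access-from domain="*.example.com"/>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

CLIENTACCESS_BAD = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

# Constructed hardened counterpart: one named HTTPS origin, one API subtree.
CLIENTACCESS_GOOD = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="https://app.example.com"/>
      </allow-from>
      <grant-to>
        <resource path="/api/public" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def audit_crossdomain(xml_text: str) -> list[str]:
    """Findings for an Adobe crossdomain.xml, as 'CODE: explanation' strings."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings: list[str] = []
    site_control = root.find("site-control")
    if site_control is not None and site_control.get("permitted-cross-domain-policies") == "all":
        findings.append("META-POLICY-ALL: any policy file anywhere on the host is honoured")
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            findings.append('ANY-ORIGIN: allow-access-from domain="*" lets an app hosted anywhere '
                            "send requests on behalf of the user")
        elif domain.startswith("*."):
            findings.append(f"SUBDOMAIN-WILDCARD: {domain} trusts every present and future host under it")
        if rule.get("secure", "true").lower() == "false":
            findings.append(f'INSECURE-TRANSPORT: secure="false" on {domain or "(unset)"} lets '
                            "plain-HTTP content use this HTTPS policy")
    for rule in root.iter("allow-http-request-headers-from"):
        if rule.get("domain") == "*":
            findings.append("HEADER-ANY-ORIGIN: any site may send custom request headers")
    return findings


def audit_clientaccesspolicy(xml_text: str) -> list[str]:
    """Findings for a Silverlight clientaccesspolicy.xml."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings: list[str] = []
    for policy in root.iter("policy"):
        for dom in policy.iter("domain"):
            uri = dom.get("uri", "")
            if uri == "*":
                findings.append('ANY-ORIGIN: domain uri="*" lets every origin call the granted resources')
            elif uri.startswith("http://"):
                findings.append(f"INSECURE-TRANSPORT: {uri} is a plaintext origin a network attacker can impersonate")
        for res in policy.iter("resource"):
            if res.get("path") == "/" and res.get("include-subpaths", "false") == "true":
                findings.append('WHOLE-SITE: resource path="/" include-subpaths="true" exposes every URL')
    return findings


def codes(findings: list[str]) -> set[str]:
    """Only the finding codes, for summaries."""
    return {f.split(":", 1)[0] for f in findings}


if __name__ == "__main__":
    for name, result in [("crossdomain.xml", audit_crossdomain(CROSSDOMAIN_BAD)),
                         ("clientaccesspolicy.xml", audit_clientaccesspolicy(CLIENTACCESS_BAD)),
                         ("hardened clientaccesspolicy.xml", audit_clientaccesspolicy(CLIENTACCESS_GOOD))]:
        print(name, "->", result or ["no findings"])
```

The check is deliberately syntactic: a wildcard origin is the CWE-923 defect regardless of what the rest of the file says, because the policy is what tells the plugin which endpoints may hold the channel. Run it against the files at the web root of a legacy deployment before deciding whether the plugin content can be retired or must be fenced.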
This Android application will remove a user account when it receives an intent telling it to do so:

    // The receiver is registered dynamically with no permission requirement
    // and no check of the sender, so any app on the device can fire it.
    IntentFilter filter = new IntentFilter("com.example.RemoveUser");
    DeleteReceiver receiver = new DeleteReceiver();
    registerReceiver(receiver, filter);

    public class DeleteReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            // getIntExtra requires a default value; -1 marks a missing extra.
            int userID = intent.getIntExtra("userID", -1);
            // The sender is never verified before the privileged action runs.
            destroyUserData(userID);
        }
    }

Bad · Java

The receiver never checks where the intent came from, so any malicious application installed on the device can remove a user. Verify the origin of the intent, or restrict the receiver to an allowlist of trusted applications through the manifest (for example, a permission that the sender must hold).
CVE ID | Title | Affected product | CVSS | Risk | Published
CVE-2025-36145 | IBM Watsonx.data security vulnerability | watsonx.data | 5.4 | Medium | 2026-05-26
CVE-2026-22726 | CloudFoundry CF Deployment and CloudFoundry Routing release security vulnerability | Routing release | 5.0 | Medium | 2026-04-30
CVE-2025-36180 | IBM Watsonx.data security vulnerability | watsonx.data | 5.3 | Medium | 2026-04-30
CVE-2026-34205 | Home Assistant security vulnerability | Home Assistant Operating System | 9.7 | Critical | 2026-03-27
CVE-2025-36438 | IBM Concert security vulnerability | Concert | 5.1 | Medium | 2026-03-25
CVE-2025-62843 | QNAP Systems QHora security vulnerability | QuRouter | 6.8 | - | 2026-03-20
CVE-2026-23664 | Microsoft Azure IoT Explorer security vulnerability | Azure IoT Explorer | 7.5 | High | 2026-03-10
CVE-2025-27769 | Siemens Heliox Flex 180 kW EV Charging Station and Siemens Heliox Mobile DC 40 kW EV Charging Station security vulnerability | Heliox Flex 180 kW EV Charging Station | 2.6 | Low | 2026-03-10
CVE-2025-61939 | Columbia Weather Systems MicroServer security vulnerability | MicroServer | 8.8 | High | 2026-01-07
CVE-2025-33176 | NVIDIA RunAI security vulnerability | RunAI | 6.2 | Medium | 2025-11-04
CVE-2025-12357 | IEC ISO 15118-2 Network and Application Protocol Requirements security vulnerability | EV Car Chargers | 6.3 | Medium | 2025-10-31
CVE-2025-49734 | Microsoft Windows PowerShell security vulnerability | PowerShell 7.4 | 7.0 | High | 2025-09-09
CVE-2025-48807 | Microsoft Hyper-V security vulnerability | Windows 10 Version 1607 | 6.7 | Medium | 2025-08-12
CVE-2025-35978 | Fujitsu UpdateNavi and UpdateNaviInstallService security vulnerability | UpdateNavi | 7.8 (AI) | High (AI) | 2025-06-12
CVE-2025-22251 | Fortinet FortiOS security vulnerability | FortiOS | 3.0 | Low | 2025-06-10
CVE-2025-20261 | Cisco Integrated Management Controller security vulnerability | Cisco Unified Computing System (Managed) | 8.8 | High | 2025-06-04
CVE-2025-48999 | DataEase security vulnerability | dataease | 7.5 (AI) | High (AI) | 2025-06-03
CVE-2025-46566 | DataEase security vulnerability | dataease | 8.8 (AI) | High (AI) | 2025-05-01
CVE-2025-23178 | Ribbon Communications Apollo 9608 security vulnerability | Apollo 9608 | 7.6 | High | 2025-04-29
CVE-2025-31144 | SIOS Technology Quick Agent security vulnerability | Quick Agent V3 | 9.8 | - | 2025-04-27
CVE-2024-26013 | Fortinet multiple products security vulnerability | FortiProxy | 7.1 | High | 2025-04-08
CVE-2025-29986 | Dell Common Event Enabler security vulnerability | Common Event Enabler | 8.3 | High | 2025-04-08
CVE-2022-43916 | IBM App Connect Enterprise Certified Container security vulnerability | App Connect Enterprise Certified Container | 6.8 | Medium | 2025-01-30
CVE-2024-22315 | IBM Storage Fusion security vulnerability | Fusion | 4.0 | Medium | 2025-01-28
CVE-2024-47490 | Juniper Networks Junos OS Evolved security vulnerability | Junos OS Evolved | 8.2 | High | 2024-10-11
CVE-2024-43571 | Microsoft Sudo for Windows security vulnerability | Windows 11 Version 24H2 | 5.6 | Medium | 2024-10-08
CVE-2024-47125 | goTenna Pro security vulnerability | Pro | 8.1 | High | 2024-09-26
CVE-2024-39537 | Juniper Networks Junos OS Evolved security vulnerability | Junos OS Evolved | 6.5 | Medium | 2024-07-11
CVE-2024-6222 | Docker Desktop security vulnerability | Docker Desktop | 7.8 (AI) | High (AI) | 2024-07-09
CVE-2024-24974 | OpenVPN security vulnerability | OpenVPN 2 | 8.3 (AI) | High (AI) | 2024-07-08

Scores and ratings marked (AI) are flagged on the page as AI-assessed; "-" means no rating is shown.

CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints) is a common weakness class; this site has catalogued 45 CVEs associated with it, 30 of which appear in the table above.