漏洞情报:MITRE ATT&CK 矩阵

本矩阵将漏洞情报映射至 MITRE ATT&CK 战术维度,从攻击者视角剖析初始访问、持久化等阶段的利用逻辑。通过关联 Exploit 资源与 TTPs,呈现特定攻击路径下的风险暴露。系统动态驱动漏洞管理优先级,帮助团队发现防御缺口,从被动扫描转向基于路径的主动防御。

Initial Access Execution Privilege Escalation Lateral Movement Defense Evasion Credential Access Impact Reconnaissance/Resource Development
Stored/Reflected XSS
CVE: 46081
RCE / Command Execution
CVE: 20181
CSRF Session Abuse
CVE: 9408
SSRF Pivoting
CVE: 2897
Path Traversal
CVE: 9994
Cryptographic Weakness
CVE: 6322
Information Disclosure
CVE: 10304
Resource Development Exposure
CVE: 47330
SQL Injection
CVE: 19866
Out-of-Bounds Write
CVE: 14335
Missing Authorization
CVE: 8612
Open Redirect Pivoting
CVE: 1567
Malicious File Upload Entry
CVE: 4188
Hard-coded Credentials
CVE: 1738
Resource Exhaustion/DoS
CVE: 3237
Untrusted Update Channel Exposure
CVE: 884
Generic Input/Entry Manipulation
CVE: 5803
Memory Corruption
CVE: 14038
Authorization/Privilege Bypass
CVE: 8051
Spoofing to Internal Trust Pivoting
CVE: 621
XXE Injection
CVE: 1268
Insufficiently Protected Credentials
CVE: 1392
Allocation Without Limits or Throttling
CVE: 2004
Inclusion of Untrusted Third-Party Components
CVE: 284
Command Injection Entry Point
CVE: 3607
Out-of-Bounds Read
CVE: 9056
Authentication Bypass
CVE: 7132
Origin Validation Bypass Pivoting
CVE: 615
File Inclusion
CVE: 1267
Cleartext Transmission of Sensitive Information
CVE: 893
Improper Resource Shutdown or Release
CVE: 742
Externally Controlled Reference Exposure
CVE: 236
Expression/Template Injection
CVE: 204
Use-After-Free
CVE: 7915
Improper Access Control
CVE: 5434
Trust Boundary Pivoting
CVE: 486
Security Misconfiguration
CVE: 457
Credential Theft/Exposure
CVE: 850
Service Exhaustion / DoS
CVE: 72
Template Engine Injection
CVE: 182
XPath Injection
CVE: 142
Code Injection
CVE: 6639
Incorrect Authorization
CVE: 3262
Confused Deputy Pivoting
CVE: 102
Relative Path Traversal
CVE: 450
Cleartext Storage of Sensitive Information
CVE: 810
Availability Disruption
CVE: 8
Use of Unmaintained Third-Party Components
CVE: 21
LDAP Injection
CVE: 70
Buffer/Memory Corruption
CVE: 6275
Improper Privilege Management
CVE: 2885
Reverse DNS Trust Abuse
CVE: 24
Environment Evasion
CVE: 82
Weak Cryptographic Algorithm
CVE: 684
- Supply-Chain Exposure
CVE: 2
Parser Injection Entry
CVE: 2
OS Command Injection
CVE: 6153
Missing Authentication for Critical Function
CVE: 2531
- Link Resolution Abuse
CVE: 10
Hard-coded Crypto Key
CVE: 305
- Recon/Discovery Weakness
CVE: 1
- Stack/Heap Overflow
CVE: 4314
IDOR/BOLA
CVE: 2004
- - Cleartext Credential Exposure
CVE: 166
- Unmaintained Component Exposure
CVE: 1
- Integer Overflow to Execution
CVE: 3390
Authorization Bypass
CVE: 1408
- - Weak Password Hashing
CVE: 118
- Untrusted Search Path Exposure
CVE: 1
- Unsafe Deserialization
CVE: 2950
Session/Token Privilege Abuse
CVE: 413
- - - - -
- Type-Confusion/Sandbox Escape
CVE: 831
Privilege Escalation Vector
CVE: 128
- - - - -
cvelogic Threat Intelligence