CWE-649(Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。
The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.
| 类型 | 名称 | 类 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。
| CVE | 公开时间 | 摘要 |
|---|---|---|
| CVE-2025-41351 | 2026-01-28 | Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by th… |
| CVE-2025-5323 | 2025-05-29 | A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event… |
| CVE-2024-10772 | 2024-12-06 | Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete comprom… |
| CVE-2024-36279 | 2024-06-17 | Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vuln… |
| CVE-2010-3300 | 2021-06-22 | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. |
| CVE-2019-3730 | 2019-09-30 | RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known a… |
| 日期 | 名称 | 版本 | 重要性 | 评论 |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Observed_Example |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Common_Consequences |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Common_Consequences, Description, Enabling_Factors_for_Exploitation, Observed_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Related_Attack_Patterns, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Observed_Examples, Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Description |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Common_Consequences, Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |