CWE-341 15 個 CVE MITRE 定義 ↗

CWE-341:Predictable from Observable State

概覽

CWE-341(Predictable from Observable State)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-38968 2026-07-02 ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during ses…
CVE-2026-36609 2026-06-03 Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-base…
CVE-2026-5081 2026-05-06 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_I…
CVE-2026-42365 2026-05-03 A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. A…
CVE-2026-40164 2026-04-13 jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table ope…
CVE-2025-40780 2025-10-22 In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This …
CVE-2025-42925 2025-09-08 Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a bru…
CVE-2025-48461 2025-06-23 Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing t…
CVE-2024-10141 2024-10-19 A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET…
CVE-2023-49259 2024-01-12 The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.
CVE-2021-4277 2022-12-25 A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The m…
CVE-2020-5365 2020-05-20 Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account …
CVE-2020-1731 2020-03-02 A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password rem…
CVE-2019-6563 2019-03-05 Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
CVE-2018-17917 2018-10-10 All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and c…

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Potential_Mitigations
2009-12-28 CWE Content Team 1.7 updated Potential_Mitigations
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Potential_Mitigations, References
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Modes_of_Introduction, References, Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-07-20 CWE Content Team 4.5 updated Maintenance_Notes
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Relationships
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Observed_Examples, Weakness_Ordinalities
cvelogic Threat Intelligence