CWE-923 64 個 CVE MITRE 定義 ↗

CWE-923:Improper Restriction of Communication Channel to Intended Endpoints

概覽

CWE-923(Improper Restriction of Communication Channel to Intended Endpoints)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined
technology Web Based Undetermined
technology Web Server Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-8920 2026-07-14 Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted…
CVE-2026-59841 2026-07-14 A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert atta…
CVE-2026-57028 2026-07-09 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.…
CVE-2026-33803 2026-07-09 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited informati…
CVE-2026-55655 2026-06-23 A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket nam…
CVE-2026-12539 2026-06-18 Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart…
CVE-2026-12039 2026-06-18 Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the…
CVE-2025-36145 2026-05-26 IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
CVE-2026-22726 2026-04-30 Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure …
CVE-2025-36180 2026-04-30 IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
CVE-2026-34205 2026-03-27 Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoi…
CVE-2025-36438 2026-03-25 IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
CVE-2026-32318 2026-03-20 Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault c…
CVE-2026-32317 2026-03-20 Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the va…
CVE-2026-32303 2026-03-20 Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a ma…
CVE-2025-62843 2026-03-20 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to…
CVE-2026-23664 2026-03-10 Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2025-27769 2026-03-10 A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain im…
CVE-2026-22715 2026-02-26 VMWare Workstation and Fusion contain a logic flaw in the management of network packets.  Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt…
CVE-2025-58742 2026-01-20 Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows all…

曾用名

  • Improper Authentication of Endpoint in a Communication Channel (2014-02-18)

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2013-06-23
版本
2.5

內容修訂

日期 名稱 版本 重要性 評論
2014-02-18 CWE Content Team 2.6 updated Description, Name, Relationships
2017-11-08 CWE Content Team 3.0 updated Modes_of_Introduction, Relationships
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Maintenance_Notes
2022-10-13 CWE Content Team 4.9 updated Related_Attack_Patterns, Relationships
2023-01-31 CWE Content Team 4.10 updated Description, Related_Attack_Patterns, Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2024-02-29 CWE Content Team 4.14 updated Demonstrative_Examples
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Observed_Examples, Weakness_Ordinalities
cvelogic Threat Intelligence