1、 2022 年网络安全漏洞态势报告-新华三主动安全系列报告-目!录!#$%&$%!#$#$%!#$%&()#*!+#,-./0)#1&()()*+,-*+,-.+!#2&$%()#3+#$%45#6+*#78$%9:#;+1#,-0)4#!%/012,-/012,-!*!#2&$%()#!*+#$%45#!+*#78$%9:#!*1#,-0)4#!1 3 3 4567,-4567,-!8 1!#2&$%()#!=1+#$%45#!=1*#78$%9:#!3 11#,-0)4#!6 9 9:;,-:;!#2&$%()#!;+#$%45#+?*#78$%9:#+!1#,-0)4?12,-?12,-

2、&%=!#2&$%()#+*=+#$%45#+*=*#78$%9:#+1=1#,-0)4.ABCD,-ABCD,-&8 3!#2&$%()#+=3+#$%45#+=3*#78$%9:#+3 31#,-0)4#+;E E FGHIJFGHIJ&=6!#.#+;6+#ABCD#*?=GKGK%3#主动安全 !2022年网络安全漏洞态势报告年网络安全漏洞态势报告2EFAB,GHIJKLMNOPQRSAB$%T0)UVWXYZ4$%4Z4_abcdWefg2022 hRSAB$%0)ij kilmnop 2022 h$%T,-q./()Urst Web uvwxyzRS|yz4p$%4fT,-0)ki

3、q“6 U!UX$%=1U+UX$%+?+!h&!1*kAB$%&U7TX$%qdk+?!3 h+?+h$%./h&()UX$%h&!?k#主动安全#!#$%#&$%$()*+,-./#!$%$(012345+,67#!*#+,-./)#+?+h$%zU uv5$%XU 1!=UuvRS|$%U4+*!?U*kRS|$%zqwxyz$%UFq$%5URSABqk|$%hXU|R$%KLqMNk#77524892050000000250003000002000400060008000017年2018年2019

4、年2020年2021年2022年超危高危中危低危总数超危16.4%高危40.0%中危41.5%低危2.1%主动安全$!8$%$(+,9:;67#+?+h$%,-45zU 1 UFq$%!#$%&NU4!1=U!*T 6?k(I)*+,-./01213U(I)*+45678I)9*+qI)(2:9:U;?4AQ(U/B;2:CDEqFA29FAGHIk,-./T0121345,-28rJU9012K*+U;?A67#hU._vabcCdqefg:MTshUiuahjkqlmknojpqprstqa,-uUvwrstqaUxyz|R|Web应用41.6%应用软件22.3%网络设备10.5%操作系统

5、10.3%云计算5.4%智能终端4.2%浏览器2.3%工控设备2.2%数据库1.1%缓冲区错误14.6%跨站脚本13.3%SQL注入8.0%输入验证错误5.9%权限许可和访问控制问题5.9%信息泄露5.7%资源管理错误4.5%拒绝服务4.4%代码注入4.1%命令注入3.8%代码问题3.8%路径遍历2.7%跨站请求伪造2.7%其他20.5%主动安全%uvMReUuk+?+hUaRSD6q,-dU+?+h$%RS,-qUd#BCDE+,?FGHCDEIJKLMNOP+?+?hed$“”u,-U+?+!hRSr-ABq&1$%U+?+hdp5 q7$%$”1$Uu$%RSqdklE_bcq-uvUB

6、lEGHqU;?STUFVWXYZX,-+?+hdhZqU,-“X”q,-gU“e”_,-gdhq()kiQU_RT“TWX”q&U7WhG_2k,-qdU,-d-k#8B?F%_+,abWcHdefghi0jPRqAB$%8&Uk45PR78U,-vAB$%q,-UhqUPrXqgPR$%TUur7qABTkWU,-d-qU,-|rqT!#?“$%Uv2qbc,-rstqRS%&U(-puvGq)k#=BklmnYopVWqr)stuDvwxy?*+,-Tr2dGZ.Tuq/0bcU RSAB12&3p0,-T4u8hqRSZqk56Ud,-v*+,-T&3RS,-U78ABG9yzU:qe

7、d2q$%Ue7q;?z|HABNRSAB|RS$%AM C DE_k#+?+hFUC efpGH*+I“JKLUI“JKL MNOUABPQRSvGH*+I“JKLUpTUAVWXZYZqRS?|kURS,-v I“JKL pC2q_kI“JKL _5rq2q2qaqZk#zBM|UUHMU45bRhMq8cUqedbRU-quv6(lekiWU2dGuv_ fCCLgWhM_oeijU;uvklTm)-U5hqn,-opBqr,-CL lsvU 主动安全&;?Tk#+?+hOPe7tuU+?+h+U=+!T+?+h=U=tuU3+?+h 3 U=*tu!?kABur-lmk#BAKL+,*

8、F2qUUpB-PLMqkzqRS“”fU_ Lhu9PRUseRSuvBDTXUp-qABkLM&qRSouu,-Up=U$%vAMRS?:,qv9|01T:qyzLMuq,-ULM5$%&kLMq-8yzTR%&q8JkQiULMqeyzouRLM01qOPe01vwxR|qABG_13UqABGep-qlmk#&B“”ee R|q&U+?+h!?-qR|kR|qTABUO7qAB13UHmyzql01m9ABKU“p-,-qRSl8kv)pBR|vq,-gk,-R|qv42*I$,-xPR,-_RS|:K_|STWX_k5RRS/T*U”RSU-RSv5$,-UR|RSqV/k#$#$应

9、用漏洞应用漏洞!*!#0&$%()#uvq,-5bRqZEdUbRGUrq:lTrvqgXuvleqWUprqAB13k+?+h2EF$%uv$%!?166 U+?+!h;!?*&!+k+?+!hT+?+h uv$%h()#主动安全 !z$%$#$%$(Dv)*+,./#*#$%12#Bv uv$%RSU2e+PRST-zWXqqk/+?+h uv$%!#N,-./T01213Fo5kUB?$%5kq=k!#N uvq$%Uv!#$%U/v I TBK?_o,-vN$%U/TrCvU9Iyz_Ud;RAGH;M_k#!$%$(Dv+,A67#!02004006008000

10、1月2月3月4月5月6月7月8月9月10月11月12月2021年2022年跨站脚本攻击25.6%注入24.9%权限许可和访问控制问题16.1%代码问题5.8%资源管理错误5.6%信息泄露5.5%跨站请求伪造5.2%输入验证错误4.2%路径遍历4.0%其他3.1%主动安全 (*3#45$%67#$%$(Dv+,)*+,-./012334!56#$%&!()*#+%,-./012345678(9:;=;?=A!=BC!DE!#$%&!FGH)IJ%!K#L#!MNOP678(9:;=;?QA!=BC!QE!RS$%*!RTUKUV01WX45678(9:;=;A!=B=!ZEC!RS$%*!RJ#

11、&)_01WX45678(9:;=;YCCA!=B=B!CEC!KS#J+I!(&)ab!ca+%dJ)+!KT:Hefghi678(9:;=;ZD?A!=B=?BZ!ZEC!KS#J+I!c#$j)#k!KS#J+I;l$+012345678(9:;=;ZDA!=B=?B?=!ZEC!Rd&$mmJ$+!nJ#$opqr678(9:;=;=Y=A!=B=YB=!ZEC!:#&$+Istuvwxy1()kJ01WX45678(9:;=;YQ=DA!=B=YBD!ZEC!Rd&$mmJ$+!()+&a+%012345678(9:;=;?YA!=B=DB=?!ZEC!zJdH$G012345678

12、(9:;=;CA!=!CEC!RS$%*!()jj)+m!()+JIa#$dJ)+_WX45678(9:;=;?ZC=A!=B=QB=D!ZEC!RS$%*!KS$#k!K*&WXhi678(9:;=A!=C!CEC!Rd&$mmJ$+!lJdGa%kd!K#L#!WXhi678(9:;=;?DC=YA!=B=CB!CEC!RS$%*!()jj)+m!|d_WX45678(9:;=;YCCZA!=B?!ZEC!KS&a+k!:+d#S#Jm012345678(9:;=A!=B=!CEC!RS$%*!KRT2345678(9:;=;Y?QCA!=BY!ZEC!RS$%*!RJ#&)23hi678

13、(9:;=;YQA!=BY!QEC!($%dJWXhi678(9:;=DZA!=B=!ZEC!$SJWX4567!=?WX4567!=!ZEC!RS$%*!&J+!WXhi678(9:;=;Y?ZDA!=?#主动安全 78 4O”“7qd5 CC qUv5le?Tm-k4fg uvRSuvTuvq“uve+UOPQuv4stk$%45#”“#&#$”q/0(I)13U:OPI)qA,-/_*VDp”“#&#$”Ut6;”“#&e+01q:,r29U;qvgU _UAqhsv*VDee+Ut6e+IFAk#l$”#I#J#$L&gN$%I+?+;=*#$”“#XMaqdYlEU$”#I#J#5#

14、$”#J#qU(TU.leR!qT:MUbN5e#k$%45$”#I#J q$JJ 5:rJveqU;#$”#”“)*”#$”+uqdlEUp3-ICL#,I_Uqv5h#“#Yuvqle)TleOk+?+h*!U,*“”#“-ef$%iU$”#”“)*”LMGHI$%I+?+;=U.$”$9$”1$k /;0%&U vq$”1B$%k$%45$”:M23U/;0q$”%&ULM,-/4qU _q 5ST C&“NAaU6e *2Ut6FA78ZsU;LMGHIk5$”1$qv)&1$-U45-U$”1$%,-9vUiI,”“AU?RS_k#l CJ“#I LMGHI$%I+?+=!*1#CJ

15、“#I CJ“7qb*MU/xdmqU_:Hd12RqVxTek+?+h=*U CJ“ef;iU Ime+U5;_LMGHI6AUxykPQR+*8Wq?q L A CJ“$%pvUxy C&”UI”)J”_k#l LfL#=?!*I$%#dBCDqYO6 LfL leUEF C“+lEVDefUt$J”J GpCTHIUWJpOQKLMqTfgUvuqleT,I fgU NOp$J”J qPQT“&R$q$,STT CJ$”fgk K*UV(U&(_e+%&UK,$%&L$%&$%&J o L kW LfL lXpYZU,-/:,”UqA OHdsxU/_ J“”_K U?4_dvUx:#s

16、HdLMGHIUt6/IAGHSTe+2,-k#主动安全 77*8#+,/)19#B?FGH?-dG uvM CL aU CL uvq&ABeq8bU A,-qLclkCL dVpK7qeU(-UVU6 CL.Q?:01Ut6uvMUpeQqkzq ,-U CL,-frqevUq CL efuq$%UHd:,01_Ugq,-hU)K-kn5,-)_z GviU_bq CL ABmjGkKDO CL D6”8klU CL lD6 CL CL _;?C yzx5uqd%U leqAB/Bvy-mUvp$%qU98nXH-oqOGH23_ku,-(0hq,GpqqrUC yz,-H,-p“”Gqst

17、U quPQvDnwxyk?4 C yz&1$%qzU;Cyzq,-|k#$操作系统漏洞操作系统漏洞!3!#0&$%()#wxyzRSWXyzq/0MUAB/Mp*yzqABT/kwxyzxzq,-U$%7Kk+?+h2EF$%qwxyz$%.+=?*U+?+!h.+1*;&U+?+!hT+?+hwxyz$%h()3 k#主动安全 79!&$%$#$%$()*+,./#3*#$%12#wxyzuvTeaqUAB$%RSABqTk5wxyzUMNqSX2,-U6HrcfqRSr-q=T/k+?+hwxyz,-./T01213U+*=U$%dq$%UWWXtu(I)*+_$%wxyzq13U 6

18、k#!$%$(+,A67#!05003003504001月2月3月4月5月6月7月8月9月10月11月12月2021年2022年权限许可和访问控制问题23.6%缓冲区溢出21.5%信息泄露10.4%输入验证错误10.0%资源管理错误9.5%注入6.9%拒绝服务6.4%竞争条件问题5.9%其他5.6%主动安全 7!33#45$%67#$%$(+,)*+,-./012334!56J%#)m)d!FJ+b)m!T012345678(9:;=;Z=QA!=B!ZEC!J%#)m)d!j)d!T#)%ba#!($&!a+dJj012345678(9:;=;DC=ZA!=!ZEC!F

19、J+b)_012345678(9:;=;A!=!ZEC!FJ+b)m_012345678(9:;=;DZ?QA!=!ZEC!J%#)m)d!FJ+b)m!R%dJL!J#%d)#678(9:;=;DZ?A!=!ZEC!FJ+b)m!“cK”678(9:;=;DZ?QA!=!ZEC!jm;jmbd01WX45678(9:;=Z=A!=B=B?=!QEC!J%#)m)d!FJ+b)m!R%dJL!J#%d)#012345678(9:;=;?=DA!=!CEC!J%#)m)d!:|%*$+I!K#L#678(9:;=Y=A!=B=ZB?=!CEC!J%#)m)d!:|%*$+I!K#L#014523

20、678(9:;=CA!=B=ZB?=!CEC!J%#)m)d!:|%*$+I!K#L#!FRKKc678(9:;=C=A!=B=C!ZEC!“d&)I)+!T(!678(9:;=;?C=?A!=B=C!CE!HJ+a|!J#d!TJS678(9:;=;=CYQA!=B lap*#$LI:Aq*e+C,-k#l,”J#(“LMGHI$%#I+?+1!?1?U#I+?+1!?6+#,”J#(“#$”gqdz|ek(“#$”/vuv5,q|yz9|yzk+?+h!;,”J efpdABr2Up5(“q?“$%UX I+?+1!?1?T I+?+1!?6+Uz.“L”($J$”“vk,-/v L”($

21、J$%q(“yza L*”$IFAGHkn$%5+?+h;sU;UC”yz$%*yz$%UdkC”xq-:wxyzU+?+hu?“$%“v”kUC”wxyz$%*U$%qwxyzk#主动安全 7$!$%$(+,A67#$BvlIJ?wxyzP/eqM$%$%v RS?_,-p-kGq3U,-,-bcUOG9v8bcIbcUHdXq8GNUn:,-bcqd7k2izU-Ibcv*T#B+U45sv*#,“)J#J”)J“J,;r2Ugp C qd7$%U CJ#”J”$ae,-$%I+?+=;+*U,-/v$%PRk+?+h!+U L“$v“C$”q$%vU4 I+?+1!?6?T I+?+1!

22、?6+q2$%vU_ J#CC U,-g(“e+UHdLMGHIk#Android23.3%Windows22.9%Apple13.4%Linux13.2%网络设备9.8%HarmonyOS6.8%Dell2.9%其他7.7%主动安全 7%网络设备漏洞网络设备漏洞!8!#0&$%()#74+G*_|xMWXUOAB”O-MNq78kRS|$%/;|,-U6;?U+?+!h+=KU+?+!hT+?+hRS|5$%h()!?k#!#%$%$#$%$(e)*+,./#8*#$%12#52bcqeU yzqbvprqRS|URSyzABUprqUou,-q,-u-&k45RS|OABq7U+?+!hd

23、ql$%+?+h-U-dU*!+kN,-./T01213-U4+1T!=!U!k#05003003504001月2月3月4月5月6月7月8月9月10月11月12月2021年2022年 主动安全 7&!#$%$(e+,A67#83#45$%67#8$%$(e+,)*+,-./012334!56(Jm%)!Kj$&!lamJ+mmqr678(9:;=;=Q=A!=BB?!ZEC!T;HU“!H;FCY=“!WXhi678(9:;=;=D=A!=BB!ZEC!K)S*)m!Vzqr678(9:;=Y=A!=B?B!ZEC!;HJ+kU;C=HWXhi678(9:;=;DCA!=

24、B?BQ!ZEC!c!lUz;UT!J()+d#)&!:K 012345678(9:;=?CCA!=BBY!ZEC!|&!WXhi678(9:;=;?=A!=D6678(9:;=;CZA!=C!QE!c)#dJ+d!c)#dJKopqr678(9:;=;Y=DCYA!=BQ!ZEC!#$%8#l I#$)“#,N$%I+?+?3?#I#$)“#OPIqd*kI#$)“#$#y74+*+$%U$%45Bvpqqk,-/_vopBJWBU5;72vmrqBU9_2x2q缓冲区溢出31.2%注入24.5%权限许可和访问控制问题16.1%拒绝服务5.6%跨站脚本5.4%输入验证错误4.9%信息泄露4.

25、5%资源管理错误1.9%路径遍历1.5%其他4.3%主动安全 7BNOPI)*2t6vi$%kv$%.,-#V XmRYq,-TUvi_oq$%ed,-k#l L&/#&$61?#N$%I+?+?=?#&$61?Oqd74+kL&/#&$61?$#=+?#!6?3?;0AB$%U$%E5“J“”JL 25 qTjUA,-_eUOqqr%OUt6AIk#l#KL#IJ”#$:,LMGHI$%I+?+!*66#KL O qdpRS:muvMABmVb_quvykIJ”#$IJ”qUv$”J“J“#$J“J#”“”#$v9#|Yqbk$%5 IJ”#$U$%.:OPI)q,-_ml9O L A KL

26、 yzRS01Ut6IFAyzpC9sv KL qek45#KL v5YRSU,-i/RSUc_k$%LI“v5+?+h !?lUO I$C 5 !6 bi$%efABiU$%ik#l”JJ#”J$)N$%I+?+1?=61#”JJ#”J$O”JJqdbv5”JK“J RSABqABwxyzkyzvGGEL$U$&L PCT|_oABkq”J$”JL”($T”J$*J,“”67qm”uUA,-/_v|v789_jNOPI)U:OP)q”_2q fL 9 fL$%mROP2uIFAwxk#88#+,/)19#Be+,uxy;vHdeRS|xoRSqM8U,p;U/x,-PR*TWXUMAB6AB

27、WXq7k+?+h*UE74+kMq I$#AZU;uefdPiUBABk+?+h=U“#&J#&“edpdo$C q2kLM01_$C U:_$f|LMxRU,-qbcTMLOcKqZqk+?+h=FU 2 J.C$)#IJ dOxpq&74+Upp 66 wxTRqk+?+h;U g-,&QRS,-qijQefUiuOPMRS|RSe+RRS*z*74+G_2UXzTkRS|$%_qMNUwq+k#$Be+,HRSAB67v*RSuvMMyzT9ZU$%qW8S-s7Ul;,-4&!6+U+?+!hT+?+h$%h()!*k#226322232403603004005

28、006007002002020212022 主动安全 98!#8$%$#$%$(M)*+,./#:*#$%12#,$%&xzqMykU45GHlE0U+?+h$%5dU.$%q 1=*U !1 k,“”“dv,“”“q,$%&40U+?+hou$%U!=!Uk#!#=$%$(M+,67#t$%5k4fUe(I)*+,-./T01213Fo5kUB?$%5kq*3U !k N$%$%+?+!h&-U 5Ur/LMvq$%5kU,-hk#007080901月2月3月4月5月6月7月8月9月10月11月12月2021年2022年Oracle MySQL46

29、.3%MariaDB16.1%YottaDB4.8%Couchbase4.8%Redis2.4%Oracle Database2.1%SQLite2.1%PostgreSQL1.8%IBM DB21.8%其他17.9%主动安全 97!#z$%$(M+,A67#:3#45$%67#=$%$(M+,)*+,-./012334!56#$%&!KH!K#L#”678(9:;=;C=A!=BZ!DE?!bJmHa$qrWX45678(9:;=;=Y?A!=B=C!QEC!RS$%*!()a%*l!012345678(9:;=;YQ=DA!=B=YBD!ZEC!T)mdI#KH!nl(!#JL#!KHhi

30、678(9:;=ZQA!=B=CB=?!CE=!KHJd-”678(9:;=;?Q?QA!=1*#$O$#&“qdlEqv C$#I XZKRS/5P/K”hqk/$“UoYZq CLk$p&“XMYZx拒绝服务24.6%输入验证错误15.7%权限许可和访问控制问题13.4%注入12.2%缓冲区溢出9.2%代码问题7.1%信息泄露5.3%资源管理错误4.5%其他8.0%主动安全 99#U/_“vU&“hqU/&“q$#CL bk“VJ e0qE x$U&“pd“U,-/vnqV0“qU67IFAqqk#l C“#I#LMGHI$%_iI+?+13?=#C“#I O C“Bqv”“leqdusq

31、yzkC“#I#*+0012*+$%U:,qLM,-/_01lUN,-I)SmR,-Ume+k#l LJ”$%&#I#”#$%&N$%I+?+*!;3#LJ”$%&doBq4qMykmyz$,$U-,*yleq L$K$k yzK-?4$%&p.U Q6e+_kLJ”$%&#I#”dv L”#“$#1XZqlE I MU v5 LJ”$%&#RSVD_Wk LJ”$%&#I#”#1+(1+*(1+1(0$%&N$%U$%E5xYqAU,-v$%/uvMqI vOPI$%&k#l$%&J“”$%I+?+*3*3#$%&J dMPqYgU:qSdsUHdpe+Kqeq$%&kW,-$%&J q=-

32、a(gax%!9*g5kU/BqU;e9FAGHIk#:8#+,/)19#BM+,H0+,0hU_UVAB137UOABMNk45O$%#Ua$RK8WU;,pq-k+?+h!UJ#L“J RSABReddK*+qU%4;edoup&6+OT(-qWX)kDqle$RABA83UK:*4+q,-U;?DA_g(UqtuUU7-k#$B;MQRKL?*+?+hq,-KL&UzqAsyzfus8WUP?k+?+h UQ“J“”ABG,qU;?U iy.=+?U6.ip+3;/?knA0eduu1lmUrM7k#主动安全 9!工控系统漏洞工控系统漏洞!;!#0&$%()#45-R_2dGWXbc2q

33、bcNOU2yz4t2q3?l4D*b4hhkS4-eqWUdp-ABU 2yzqoRS,-YU z 56 h 78972E/uv_MaqMRSdB,-q7k+?+h2EF$%q$%.=*U.+?+!h3*+:!?1U+?+!hT+?+hyz$%h()!=#!#$%$#$%$(p)*+,./#;*#$%12#8W5zq6ABUyzRSABGT;9,-_,-2qq6yz9R=k|qX$%;EXYKLZbcuvUqU2yzqABGU4-lmkzU+?+h,-./T01213N_yzq13U!3 k#0204060801001201月2月3月4月5月6月7月8月9月10月11月12月2021年202

34、2年 主动安全 9#!#&$%$(p+,A67#;3#45$%67#z$%$(p+,)*+,-./012334!56&d$!U+bamd#J$&!Rad)j$dJ)+!UR:+#IJ!KHhi678(9:;=?DQA!=BB!ZEC!()+d%!K)&$#9J!()jS$%d_WXhi678(9:;=;Z?=?A!=!ZEC!T)#dk!Tpqr678(9:;=QYA!=?!QE!()+d%!K)&$#9J!()jS$%d678!(9:;=?Q?A!=BDB!DE!RbL$+d%*!J9J!WXhi678(9:;=;Y?A!=BQB!ZEC!RbL$+d%*!J9J!IdR&R%dJL#$Sm

35、!m$#%*!b$d!KH678(9:;=;?A!=BQB!QE!#$%8#l J“#J”“#CJ)“J#C”#$%&N$%I+?+!*=3#J“#J”#C”dEmyzUv5HT4ETV Lh|C6:M-XEk J“#J”#C”$%&N$%U$%E5 f“”I“($%&?NN8k,-v$%/Hd$%&.TCIyzk#l IJ#$“”*#I)“J wxyzN$%I+?+;*?*#缓冲区溢出27.8%权限许可和访问控制问题24.0%注入15.0%输入验证错误6.8%信息泄露6.3%跨站脚本5.1%拒绝服务4.6%资源管理错误3.3%路径遍历2.8%其他4.3%主动安全 9$IJ#$“”*#I)“J

36、 IJ qdvAezquvyzkIJ#$“”*#I)“J#=?#0N$%U$%E5$“”*#I)“J q)“fwN8U,-/v$%NAk#l C“J#*#N$%I+?+!1*#C“J#*O C“J qd5DRSVD$,L B#$)“”J”(|mqkC“J#*#3?1=1=;+0N$%U$%E5vqRq8WIU,-v$%/LMIFAGHk#;8#+,/)19#Bp?L0HQR?yzq,-BpyzqraUqC6Cz_-vfqpU8W5 RS,-Upr3Ur-k+?+hB7-AB,-U,-,-jUv.9=owqU.DXEU7k+?+h FUz2q4&GHI5JEKLMq6N,-Uy*1?q.+?+h

37、;U#I)J”RuUOwxMp,-U!?4k,-8U.qPU|NuC6CUQde6BOUqkRO78 J“#K)f#K”RS,-;ST?U4V8zWq:TXaG(J”#J”“J“,-UYMB-?4eU4-k/Uyzd=,-Uu4-UOcABPeTZB_q7k#$Bpe!3#$%&()*0+P4+?+hqBRS,-U t78RS,-EA,-U-q96_RS,-STH56mj_,-_UpKgqwUna:RSABBw8hYk+?+h 3UOefqg+?+1 bhRSABa|cj3LcMABMbcqdTeDUuRSABZk+?+h!3 UOMWXABOcKU#*;+?1+?+efUnOdMWXABqO

38、cUWfpOMWXq7kyzOcMWXq7?4UWMRS,-q78k#主动安全 9%(云计算平台漏洞云计算平台漏洞!*U+?+!h.!1;:U+h$%&()!6#!#$%$#$%$(,-./0)*+,./#*#$%12#ABGahjkuq-lmdk +?+hzU$%5k4f,-./T01213WXtu(I)*+_U!;kOPI),-2)mim_8qABk#020406080067891011122021年2022年 主动安全 9&!#$%$(,-./0+,A67#3#45$%67#$%$(,-./0+,)*+,-./012334!56RS$%*RSJ

39、mJ|01WX45678(9:;=;A!=B!ZEC!9$#!($#G)+!l&$%k!RSS!()+d#)opqr678(9:;=;ZCCA!=BB!DE!KS#J+I!(&)ab!z$d$!R%da$d)#!RTUefghiWX678(9:;=;ZYQA!=!=E=!RS$%*!KS$#kWXhi67!=B?BD!ZEC!9$#!F)#kmS$%!“:!R%mm!c#j$#k#shi678(9:;=;ZYA!=BYBC!ZEC!9$#!F)#kmS$%!“:!R%mm!nl(012345678(9:;=;ZQA!=?!QE!RS$%*!RSJmJ|678(9:;=;ZDDA!=BYB!QE

40、!9$#!F)#kmS$%!“:!R%mm!Upqr678(9:;=;ZQA!=BB?=!ZEC!KS#J+I!(&)ab!ca+%dJ)+678(9:;=;ZQZA!=BDB!QE!RS$%*!KS$#k!K*&WXhi678(9:;=A!=C!CEC!权限许可和访问控制问题31.8%注入12.7%输入验证错误12.0%信息泄露8.9%跨站脚本8.7%拒绝服务7.2%资源管理错误4.4%路径遍历4.3%缓冲区溢出4.1%其他5.9%主动安全 99$#pqr678(9:;=DDA!=!ZEC!#$%8#l$”#I#K“J*“$#CJ“J”#CL gN$%I+?+;13#$”#I#K“J*“$”

41、#I qdB2U5$”#”“)*”T$”#J#Cq CL RMU:jgedoDzdq#CL#74mgkI+?+;13$%W$”#I#K“J*“$XvTou8ABq K“J*“$#CJ“J”#8Uv#$”#I#K“J*“$quvM/GHN,-k,-/qA%*FALMGHIk 45 CL RMgedklmgeuvlq7xvUdAB13geu5k+?+h 1 UPQR)$J RSAf41U#I+?+;3#,*“”RSThbchTmUKo2h eqyTma2guvT5geuvk+?+h 1 U,*“”;efpX,$C+?+?!T,$C+?+?!+q$%_iUxX$%U67,*“”#”“#CJJ$#,“

42、”$“-#CJ)“J 4v5#&(#q#,*“”#f”-#IJ _k#I+?+;1,*“”#”“#C#”)“”e+fN$%U45,*“”#”“#C#:rJveq%UA,-_qqK%Ue+HhpCJIJ(Jq*+Ap”qU;3,*“”#”“#C#I LMGHI$%U,*“”#”“#CJJ$#,“”#T#$“-#CJ)“J#LMGHI$%UmR,-qA,-U/_eAq#I#V$#6e8/WqhUt6e+IFAGHk#l C“#$“”#$N$%I+?+*6;!#C“#$“”OC“Bq$qdKF%:TPq-vfk$“”L85rr4v5*+,-_sGq,“$kC“#$“”#V p_Kt$“”“Xv“q/

43、kvOPI)+Un.vt9CuvMq01,-kXvp“UfJJ$”J$J”qGH78/.=_FAvIfk Av/01,-.Uq(Cd V(#I:Un;FA Ik#主动安全 9(?5OP./-DDDEU2eq?;dxvyz$%9$%l,-U 8Wvq,-jdyzk J“*rv$%9opB$f K&(e+U;$I#J L2k“)st_$%*TeqHU2q*k/#$”J$iv AMCR7ne$,-U|*k#$B678,/0fg-%&/l01q$*T C-”#D6UndoX/vq*+KU.tuqQkOPm01,-ABK_uq8;qAB)mU;tuk+?+h+U!O$”J“45*+Kq C)“-#$*;

44、?sOPI)/l01k+?+h!?Ugd45e+8K*+U/;eqWXU$I$“”Uoupw!+*OcU!cqWXk$#f“J *?MTABbRqU*q0.qC+9/”J?*+KU K*+qZk#)总结与建议总结与建议!=!#-#+?+hUB7-RSABeUu,-,-eM,-vftu wM,-_RSZKLk WU RS,-qU hT6hURS,-8:U,-grcURSAB)(1k#5X$%KLUv)-q$%,-8UlE$%z-sUCq-quAB*UVW$%LMq:aq-wxyze$%,-/SX2,-UC aT(“$%Uv,-6sTqqU6yz$%5XeU“?“$edUZABRS“”|$%q+h

45、U,-PRqyzAB457-U8Nq&UB 主动安全 !8w8YMh_M$%UM$%vGHstURSABed$%vU7pMqABk#t,-jU,-dhhq8k_hU$%v,-8XYqbU6l2Xq()eURS/PUrXrqg-8WR$%Tk*+,-T_2bcuv5,-URS4er*6;l Uvhhleoui_k/4aqCD#B Dv9:5uvyzquv|dqABU)yzO8,-9pk_=ogqOPI)vUJOPI)MABqkpGdA(U|(qT IkQ|+yzqABKUVqvq,-mwxqABdkQi uvyzOABCD#l OPI)muT3lkyzI)l|dqkRq)D3OP)*2U I)H

46、 0l_k 5qUVU ”J“)“)J”“J”_UyzAH;C:.9vk#l BmBM8.CqWXUxB0qd?4e+T$k8_“a9 V$&7Z_8ABqgT$k8vq:d/qWXBWX”UGBWXCkv;42qBU8Lvv:vqk#l,-mv,-hhT4kdqTq,-k,Tve+U J,e+Hk 8,T I9“a UGCkv01 e+8lqPCUuogIMq012k#l UVUVHi_(k“a8gsgqUVkvABqHUVWXk#l M8MHi_hU8GHalTi5qUVk#l ABd5eaz01C_zuHq)UxyqE Lq5keqx_k#l GHABleMUNAGHABUxy$%&Nv

47、(#I mWXtu_ZqaGkGHNWXxWX$%&YWXk#主动安全 !7l AB0ABr2U3ABKABU8_v,-yzk#$B9:wxyzauvMq%&UwxyzqF$%/uvMqABk_wxyzABU/%&U2DEq01U2%&qQ?01k#wxyzqABTCD#l v-2e+*qvU8qTqvJNd/Wve+*qm01,-UauvMq4q01,-k#l HleTmwxyzABqHUvX3Hvik#l syzvqY,-U2”U01,-UpgJ01,-qvUDEq01k#l RSeNvauvMqeUU/8 L$9$f eRSev01,-qYJ e+01,-qv8/01 J:vqeaU:w

48、xyzX9N:vqlUyzq/l8yzl!*3!*6 T!*;Mq J$Zk#l yz.ABr2UJe2qwxyzAuCDq2k#l wxyzhh87quvM/qyz$%k#l)T)ABMqUxyTqNTv,-qrCyzsU_-2yzsq01,-UAB$C)KsqABk#l|PyzDEk#8Be9:RS|RS57KURSAB675“”GqMUW67d$%UBq7qABZk#5vABCD#l K|u67ABk#l?uK|q012,-U8W|3,-SX,-01UVRk#l|aGr01,-2 L-2_ UM8qek#l a|uWf|)Tdk#l W$%dUyN|qr2;k#5NABCD#l 67ef

49、u67qABk#l MN2qABbcU67$%qF_Q?k#主动安全 !9=BM9:$%567Oq23U4NU_67qgdk$%,-qg/vF67UABCD#l Tv,-hhiUKU4uvyzvqh,-qUFeQq,-/q,-8k#l ANq$%U45oQ U_bc9”k#l ABKUA8BlXABKU*4+uvq;U/lXOqABKB-:84,-qk#l ThhiU5vU-?48BvkOuvTa$;Udvqh-k8vqU/vuquk#l KX3HU-l9lk#zBp9:dxdG2yz4M?4*”u f,ULMD$VUOmyzT/XM#2+L&Ik4o?4q2yz8EC_RVOmyzUyzq

50、V$l38ULM$_j:-2U;6RoubRk#QiUCDIwx3yzaAB#l 42yzqleT6%&k#l _2RS“”G|2RSR9bRq“”ABGU Gq2RSbRk-22yzubRl_ fL L J_X_vRSek#l _GR_G|2RSABa#ABGU72|?|VDcx.qG|U-2wxk#l 93*8q V$v_lUJvU_*QABmbcjH012k#l*uveDE0101_MvOP)mU5M|yzTq01vQR)k#l O45K,-Uh,i4,-k#l 3h2|$ICC _W|_qHU8vl9lUr2lk#l LM01vD012_ABU 01-2U v|ULM$vbvRSL_L

51、Mgk#l 2RS?RSAB|UedRS,-9zU72|?|VDcx.qG|U-2wxk#l 2yzqM01UwxMABdk#主动安全 !B,-.9:5hT4fgbcUe8DDdo4fgU64fgvVbRS|PTh_*bcO-qABFk 5ABmR/MNuvOq6AB#l uv27quAB527u%qABuv6ABqE&UduuvC)27qABdu27U4eT?Cuq012UABdTI*2U)27E&qABk#l,-KT)eEF,-hhi5ABmRUveq012UOP?q,-/yUEF,-hhiKDEq012Q2DE01)qeU5/q,-qe)k#l MNuvTuvaABpKH|qDE%dQU

52、ABma$R|KuvaABqMNUedAB,-T/qABk#l AB$%T0r2*yzUC+9OqAB$%U/A,-vuvP?qU ABma$Reqq;AB$%qT0r2k#主动安全 !#*结语结语!+?+hURSdHwNURS()rU2bcqe42q,-V/URS,-8:U,-grfUadbNObqe0)kRS,-KLRSABZBABUOcABki)UORSAB7UMABMbcvkua&qRSABZU2EFBdpABqq/0UKL2bcPQU3Z$%Ur!wBuqRSAB0)V/yURSABGk#;B8B?AB$%$)CDEFGHIJK!#$%&()*+,-./0123456789:;?1239ABCDEFGHIJKLGMHQRSTS)*+,-?U0VDSTWXJ5Y9Z&P1239AB_9abc&defghijkiflillimllfnofpqfrgsi&主动安全 新华三以主动安全理念为核心 致力于成为客户业务数字化转型的助力者 融绘数字未来 共享美好生活