2022 Cybersecurity Vulnerability Trend Report - H3C Active Security Series Report

[Figure: chart by year, 2017 to 2022. Series: Critical, High, Medium, Low, Total. Data labels in extraction order: 14682, 16299, 17751, 17920, 20203, 24892.]

[Figure: distribution by severity]
Critical: 16.4%
High: 40.0%
Medium: 41.5%
Low: 2.1%

[Figure: distribution by affected target]
Web applications: 41.6%
Application software: 22.3%
Network devices: 10.5%
Operating systems: 10.3%
Cloud computing: 5.4%
Smart terminals: 4.2%
Browsers: 2.3%
Industrial control devices: 2.2%
Databases: 1.1%

[Figure: distribution by vulnerability type]
Buffer errors: 14.6%
Cross-site scripting: 13.3%
SQL injection: 8.0%
Input validation errors: 5.9%
Permissions, privileges and access control issues: 5.9%
Information disclosure: 5.7%
Resource management errors: 4.5%
Denial of service: 4.4%
Code injection: 4.1%
Command injection: 3.8%
Code issues: 3.8%
Path traversal: 2.7%
Cross-site request forgery: 2.7%
Other: 20.5%