- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Security Dashboard
- Asset Overview
- Server List
- Asset Fingerprint
- Vulnerability Management
- Baseline Management
- Malicious File Scan
- Unusual Login
- Password Cracking
- Malicious Requests
- High-risk Commands
- Local Privilege Escalation
- Reverse Shell
- Java Webshell
- Critical File Monitor
- Network Attack
- A Ransomware Defense
- Log Analysis
- License Management
- Cloud Access Management
- Hybrid Cloud Installation Guide
- FAQs for Beginners
- Cloud Workload Protection Description
- Practical Tutorial
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Intrusion Detection APIs
- TrustMalwares
- RecoverMalwares
- MisAlarmNonlocalLoginPlaces
- DescribeNonlocalLoginPlaces
- DescribeMalwares
- DescribeBruteAttacks
- DeleteMalwares
- UntrustMalwares
- SeparateMalwares
- UntrustMaliciousRequest
- TrustMaliciousRequest
- ExportMaliciousRequests
- DescribeMaliciousRequests
- DeleteMaliciousRequests
- ModifyLoginWhiteList
- ExportNonlocalLoginPlaces
- ExportMalwares
- ExportBruteAttacks
- DescribeLoginWhiteList
- DeleteLoginWhiteList
- AddLoginWhiteList
- Overview Statistics-Related APIs
- Vulnerability Management-Related APIs
- Setting Center-Related APIs
- Asset Management APIs
- DescribeProcesses
- DescribeProcessTaskStatus
- DescribeProcessStatistics
- DescribeHistoryAccounts
- DescribeComponents
- DescribeComponentStatistics
- DescribeComponentInfo
- DescribeAccounts
- DescribeAccountStatistics
- CreateProcessTask
- EditTags
- DescribeTags
- DescribeTagMachines
- DescribeOpenPortTaskStatus
- DeleteMachineTag
- AddMachineTag
- CreateOpenPortTask
- Other APIs
- DescribeUsualLoginPlaces
- DeleteUsualLoginPlaces
- DeleteNonlocalLoginPlaces
- DeleteMachine
- DeleteBruteAttacks
- CreateUsualLoginPlaces
- CloseProVersion
- DescribeWeeklyReports
- DescribeWeeklyReportVuls
- DescribeWeeklyReportNonlocalLoginPlaces
- DescribeWeeklyReportMalwares
- DescribeWeeklyReportInfo
- DescribeWeeklyReportBruteAttacks
- DescribeOpenPorts
- DescribeOpenPortStatistics
- RenewProVersion
- OpenProVersionPrepaid
- ModifyProVersionRenewFlag
- InquiryPriceOpenProVersionPrepaid
- OpenProVersion
- Data Types
- Error Codes
- FAQs
- Agreements
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Security Dashboard
- Asset Overview
- Server List
- Asset Fingerprint
- Vulnerability Management
- Baseline Management
- Malicious File Scan
- Unusual Login
- Password Cracking
- Malicious Requests
- High-risk Commands
- Local Privilege Escalation
- Reverse Shell
- Java Webshell
- Critical File Monitor
- Network Attack
- A Ransomware Defense
- Log Analysis
- License Management
- Cloud Access Management
- Hybrid Cloud Installation Guide
- FAQs for Beginners
- Cloud Workload Protection Description
- Practical Tutorial
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Intrusion Detection APIs
- TrustMalwares
- RecoverMalwares
- MisAlarmNonlocalLoginPlaces
- DescribeNonlocalLoginPlaces
- DescribeMalwares
- DescribeBruteAttacks
- DeleteMalwares
- UntrustMalwares
- SeparateMalwares
- UntrustMaliciousRequest
- TrustMaliciousRequest
- ExportMaliciousRequests
- DescribeMaliciousRequests
- DeleteMaliciousRequests
- ModifyLoginWhiteList
- ExportNonlocalLoginPlaces
- ExportMalwares
- ExportBruteAttacks
- DescribeLoginWhiteList
- DeleteLoginWhiteList
- AddLoginWhiteList
- Overview Statistics-Related APIs
- Vulnerability Management-Related APIs
- Setting Center-Related APIs
- Asset Management APIs
- DescribeProcesses
- DescribeProcessTaskStatus
- DescribeProcessStatistics
- DescribeHistoryAccounts
- DescribeComponents
- DescribeComponentStatistics
- DescribeComponentInfo
- DescribeAccounts
- DescribeAccountStatistics
- CreateProcessTask
- EditTags
- DescribeTags
- DescribeTagMachines
- DescribeOpenPortTaskStatus
- DeleteMachineTag
- AddMachineTag
- CreateOpenPortTask
- Other APIs
- DescribeUsualLoginPlaces
- DeleteUsualLoginPlaces
- DeleteNonlocalLoginPlaces
- DeleteMachine
- DeleteBruteAttacks
- CreateUsualLoginPlaces
- CloseProVersion
- DescribeWeeklyReports
- DescribeWeeklyReportVuls
- DescribeWeeklyReportNonlocalLoginPlaces
- DescribeWeeklyReportMalwares
- DescribeWeeklyReportInfo
- DescribeWeeklyReportBruteAttacks
- DescribeOpenPorts
- DescribeOpenPortStatistics
- RenewProVersion
- OpenProVersionPrepaid
- ModifyProVersionRenewFlag
- InquiryPriceOpenProVersionPrepaid
- OpenProVersion
- Data Types
- Error Codes
- FAQs
- Agreements
- Contact Us
- Glossary
This document introduces the list of the security baseline detection in CWPP.
Note:
The security baselines will take effect immediately after product setup.
Name | Level | Vul_type |
Unauthorized access to CouchDB. | High | Improper configuration |
Docker Daemon 2375 management port is open. | High | Remote code execution |
Unauthorized access to Elasticsearch. | High | Improper configuration |
JavaRMI remote code execution | High | Remote code execution |
The lack of authentication in Jenkins can lead to command execution. | High | Remote code execution |
Unauthorized access to Kubelet. | High | Security baseline |
Weak password detection of the Linux system | High | Remote code execution. |
Unauthorized access to MongoDB. | High | Improper configuration |
Weak password detection of MySQL | High | Weak password |
NFS misconfiguration leads to mountable sensitive directory. | High | Improper configuration |
Baseline compliance detection of Redis | High | Remote code execution |
Improper configuration detection of RPCBind | High | Security baseline |
Weak password detection of Rsync | High | Weak password |
Rsync passwordless access | High | Improper configuration |
Weak password detection of Tomcat | High | Weak password |
Weak password detection of Windows users | High | Weak password |
Xampp default FTP password | High | Information leakage |
Backup files exist in the website directory. | High | Information leakage |
Anonymous log-in detection of FTP | Medium | Information leakage |
IIS misconfiguration leads to parsing vulnerability. | Medium | Improper configuration |
Memcached UDP port can be exploited for DDOS amplification attacks. | Medium | Information leakage |
PHP-FPM misconfiguration | Medium | Security baseline |
Compliance detection of PostgreSQL | Medium | Remote code execution |
Information leakage due to the presence of a .git folder exists in the Web directory. | Medium | Information leakage |
Information leakage due to the presence of a .svn folder exists in the Web directory. | Medium | Information leakage. |
Hidden account detection of Windows | Medium | Security baseline |
Shadow account detection of Windows | Medium | Remote code execution |
Unauthorized access to ZooKeeper. | Medium | Improper configuration |
Unauthorized access to Hadoop. | Low | Remote code execution |
Passwordless user detection of sudo | Low | Security baseline. |
Sample directory detection of Tomcat | Low | Security baseline |
A phpinfo file exists in the Web directory. | Low | Information leakage |
Guest account status detection of Windows | Low | Security baseline |
Yes
No
Was this page helpful?