CWEs That Violate the Auto-Update CWE Top 25 Standard

Results and Reports

Publication
Results and Reports
Edition date
2023-02-03
Last publication
2023-02-03T16:58:49.515278

This table lists all the CWEs that may cause an application to not pass a policy that includes the Auto-Update CWE Top 25 policy rule.

CWE ID CWE Name Static Support Dynamic Support Veracode Severity
20 Improper Input Validation X   0 - Informational
22 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) X X 3 - Medium
23 Relative Path Traversal      
73 External Control of File Name or Path X   3 - Medium
77 Improper Neutralization of Special Elements used in a Command ('Command Injection') X 5 - Very High
78 Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) X X 5 - Very High
79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) X X 3 - Medium
80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) X X 3 - Medium
81 Improper Neutralization of Script in an Error Message Web Page   3 - Medium
83 Improper Neutralization of Script in Attributes in a Web Page   X 3 - Medium
86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages X   3 - Medium
89 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) X X 4 - High
90 Improper Neutralization of Special Elements used in an LDAP Query (LDAP Injection) X   3 - Medium
91 XML Injection (aka Blind XPath Injection) X X 3 - Medium
94 Improper Control of Generation of Code (Code Injection) X   3 - Medium
95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) X X 5 - Very High
98 Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) X X 4 - High
103 Struts: Incomplete validate() Method Definition X   3 - Medium
104 Struts: Form Bean Does Not Extend Validation Class X   3 - Medium
112 Missing XML Validation X   3 - Medium
119 Improper Restriction of Operations within the Bounds of a Memory Buffer      
120 Buffer Copy without Checking Size of Input (Classic Buffer Overflow)   5 - Very High
121 Stack-based Buffer Overflow X   5 - Very High
125 Out-of-bounds Read X   3 - Medium
131 Incorrect Calculation of Buffer Size      
135 Incorrect Calculation of Multi-Byte String Length X   5 - Very High
185 Incorrect Regular Expression X   2 - Low
190 Integer Overflow or Wraparound X   5 - Very High
259 Use of Hard-coded Password X X 3 - Medium
276 Incorrect Default Permissions   3 - Medium
287 Improper Authentication X X 4 - High
306 Missing Authentication for Critical Function   3 - Medium
321 Use of Hard-coded Cryptographic Key X X 3 - Medium
352 Cross-Site Request Forgery (CSRF) X X 3 - Medium
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')      
366 Race Condition within a Thread X 3 - Medium
367 Time-of-check Time-of-use (TOCTOU) Race Condition X 3 - Medium
400 Uncontrolled Resource Consumption 2 - Low
416 Use After Free X   2 - Low
434 Unrestricted Upload of File with Dangerous Type   X 4 - High
470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) X   3 - Medium
476 NULL Pointer Dereference      
502 Deserialization of Untrusted Data X   3 - Medium
564 SQL Injection: Hibernate X   4 - High
601 URL Redirection to Untrusted Site (Open Redirect) X X 3 - Medium
611 Improper Restriction of XML External Entity Reference X X 3 - Medium
618 Exposed Unsafe ActiveX Method X   5 - Very High
693 Protection Mechanism Failure X X 3 - Medium
787 Out-of-bounds Write X   3 - Medium
798 Use of Hard-coded Credentials X   3 - Medium
830 Inclusion of Web Functionality from an Untrusted Source   X 2 - Low
862 Missing Authorization      
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes X   3 - Medium
918 Server-Side Request Forgery (SSRF) X X 3 - Medium
1174 ASP.NET Misconfiguration: Improper Model Validation X   2 - Low