CWEs That Violate the OWASP Mobile Standard

This table lists all the CWEs that may cause an application to not pass a policy that includes an OWASP Mobile policy rule.

| CWE ID | CWE Name | Static Support | Veracode Severity |
|---|---|---|---|
| 15 | External Control of System or Configuration Setting | X | 4 - High |
| 73 | External Control of File Name or Path | X | 3 - Medium |
| 77 | Improper Neutralization of Special Elements in a Command | X | 5 - Very High |
| 78 | Improper Neutralization of Special Elements in an OS Command | X | 5 - Very High |
| 80 | Improper Neutralization of Script Related HTML Tags | X | 3 - Medium |
| 88 | Improper Neutralization of Argument Delimiters | X | 3 - Medium |
| 89 | Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) | X | 4 - High |
| 114 | Process Control | X | 5 - Very High |
| 183 | Permissive List of Allowed Inputs | X | 3 - Medium |
| 201 | Information Exposure Through Sent Data | X | 2 - Low |
| 209 | Information Exposure Through an Error Message | X | 2 - Low |
| 215 | Information Exposure Through Debug Information | X | 2 - Low |
| 242 | Use of Inherently Dangerous Function | X | 5 - Very High |
| 252 | Unchecked Return Value | X | 2 - Low |
| 256 | Unprotected Storage of Credentials | X | 3 - Medium |
| 259 | Use of Hard-coded Password | X | 3 - Medium |
| 287 | Improper Authentication | X | 4 - High |
| 296 | Improper Following of a Certificate's Chain of Trust |  | 3 - Medium |
| 297 | Improper Validation of Certificate with Host Mismatch | X | 3 - Medium |
| 311 | Missing Encryption of Sensitive Data | X | 3 - Medium |
| 312 | Cleartext Storage of Sensitive Information | X | 3 - Medium |
| 313 | Cleartext Storage in a File or on Disk | X | 3 - Medium |
| 316 | Cleartext Storage of Sensitive Information in Memory | X | 3 - Medium |
| 319 | Cleartext Transmission of Sensitive Information | X | 3 - Medium |
| 321 | Use of Hard-coded Cryptographic Key | X | 3 - Medium |
| 326 | Inadequate Encryption Strength | X | 3 - Medium |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | X | 3 - Medium |
| 329 | Not Using a Random IV with CBC Mode | X | 2 - Low |
| 331 | Insufficient Entropy | X | 3 - Medium |
| 345 | Insufficient Verification of Data Authenticity | X | 4 - High |
| 347 | Improper Verification of Cryptographic Signature | X | 2 - Low |
| 354 | Improper Validation of Integrity Check Value | X | 3 - Medium |
| 377 | Insecure Temporary File | X | 3 - Medium |
| 378 | Creation of Temporary File With Insecure Permissions |  | 3 - Medium |
| 404 | Improper Resource Shutdown | X | 0 - Informational |
| 415 | Double Free | X | 3 - Medium |
| 416 | Use After Free | X | 2 - Low |
| 470 | Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) | X | 3 - Medium |
| 489 | Leftover Debug Code | X | 3 - Medium |
| 497 | Exposure of System Data to an Unauthorized Control Sphere | X | 2 - Low |
| 501 | Trust Boundary Violation | X | 3 - Medium |
| 506 | Embedded Malicious Code | X | 4 - High |
| 511 | Logic/Time Bomb | X | 5 - Very High |
| 514 | Covert Channel | X | 2 - Low |
| 522 | Insufficiently Protected Credentials | X | 3 - Medium |
| 601 | URL Redirection to Untrusted Site | X | 3 - Medium |
| 614 | Sensitive Cookie without Secure Attribute | X | 2 - Low |
| 676 | Use of Potentially Dangerous Function | X | 3 - Medium |
| 693 | Protection Mechanism Failure | X | 3 - Medium |
| 732 | Incorrect Permission Assignment for Critical Resource | X | 3 - Medium |
| 757 | Selection of Less Secure Algorithm During Negotiation | X | 3 - Medium |
| 798 | Use of Hard-coded Credentials | X | 3 - Medium |