This section includes rule mappings for the CWE standard. The following mappings are included:
- CWE Top 25 2024 Mapping
- CWE Top 25 2023 Mapping
- CWE Weaknesses On the Cusp 2024 Mapping
- CWE Weaknesses On the Cusp 2023 Mapping
- CWE 4.17 Mapping

The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.
CWE Top 25 2024 Mapping
ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
CWE-787 | Out-of-bounds Write | |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |
CWE-352 | Cross-Site Request Forgery (CSRF) | |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |
CWE-125 | Out-of-bounds Read | |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |
CWE-416 | Use After Free | |
CWE-862 | Missing Authorization | |
CWE-434 | Unrestricted Upload of File with Dangerous Type | |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | |
CWE-20 | Improper Input Validation | |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | |
CWE-287 | Improper Authentication | |
CWE-269 | Improper Privilege Management | |
CWE-502 | Deserialization of Untrusted Data | |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | |
CWE-863 | Incorrect Authorization | |
CWE-918 | Server-Side Request Forgery (SSRF) | |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | |
CWE-476 | NULL Pointer Dereference | |
CWE-798 | Use of Hard-coded Credentials | |
CWE-190 | Integer Overflow or Wraparound | |
CWE-400 | Uncontrolled Resource Consumption | |
CWE-306 | Missing Authentication for Critical Function | |

CWE Top 25 2023 Mapping
ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-787 | Out-of-bounds Write | CWE.787.ARRAY, CWE.787.ARRAYSEC |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE.79.EACM, CWE.79.TDDIG, CWE.79.TDRESP, CWE.79.TDXML, CWE.79.TDXSS, CWE.79.VPPD, CWE.79.ARXML |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE.89.TDSQL, CWE.89.UPS |
CWE-416 | Use After Free | CWE.416.FREE |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE.78.TDCMD |
CWE-20 | Improper Input Validation | CWE.20.ARRAY, CWE.20.INTOVERF, CWE.20.FREE, CWE.20.ARRAYSEC, CWE.20.TDINPUT, CWE.20.TDLIB, CWE.20.TDLOG, CWE.20.TDRESP, CWE.20.TDRFL, CWE.20.BSA, CWE.20.CACO, CWE.20.CLP, CWE.20.ICO, CWE.20.IOF, CWE.20.CAI, CWE.20.NATV, CWE.20.SYSP, CWE.20.AEAF, CWE.20.CSVFV, CWE.20.NATIW, CWE.20.APIBS, CWE.20.BUSSB, CWE.20.UCO, CWE.20.DFV, CWE.20.EV, CWE.20.PLUGIN |
CWE-125 | Out-of-bounds Read | CWE.125.ARRAY, CWE.125.ARRAYSEC |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE.22.TDFNAMES |
CWE-352 | Cross-Site Request Forgery (CSRF) | CWE.352.EACM, CWE.352.TDRESP, CWE.352.TDXSS, CWE.352.VPPD, CWE.352.UOSC, CWE.352.DCSRFJAVA, CWE.352.DCSRFXML, CWE.352.REQMAP |
CWE-434 | Unrestricted Upload of File with Dangerous Type | CWE.434.TDFNAMES |
CWE-862 | Missing Authorization | CWE.862.PERMIT, CWE.862.LCA |
CWE-476 | NULL Pointer Dereference | CWE.476.NP, CWE.476.DEREF |
CWE-287 | Improper Authentication | CWE.287.TDPASSWD, CWE.287.UPWD, CWE.287.PLAIN, CWE.287.PCCF, CWE.287.PTPT, CWE.287.PWDPROP, CWE.287.PWDXML, CWE.287.UTAX, CWE.287.WCPWD, CWE.287.WPWD, CWE.287.CKTS, CWE.287.DNSL, CWE.287.HCCK, CWE.287.HCCS, CWE.287.HTTPRHA, CWE.287.HV, CWE.287.PBFA, CWE.287.SSM, CWE.287.USC, CWE.287.VSI, CWE.287.MLVP |
CWE-190 | Integer Overflow or Wraparound | CWE.190.INTOVERF, CWE.190.BSA, CWE.190.CACO, CWE.190.CLP, CWE.190.ICO, CWE.190.IOF |
CWE-502 | Deserialization of Untrusted Data | CWE.502.SSSD, CWE.502.MASP, CWE.502.AUXD, CWE.502.SC, CWE.502.RWAF, CWE.502.VOBD |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE.77.TDCMD |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE.119.ARRAY, CWE.119.FREE, CWE.119.ARRAYSEC, CWE.119.BUSSB |
CWE-798 | Use of Hard-coded Credentials | CWE.798.HCCK, CWE.798.HCCS |
CWE-918 | Server-Side Request Forgery (SSRF) | CWE.918.TDNET |
CWE-306 | Missing Authentication for Critical Function | CWE.306.SSM |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE.362.TOCTOU, CWE.362.DCL |
CWE-269 | Improper Privilege Management | CWE.269.DPANY, CWE.269.LDP, CWE.269.PCL |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | CWE.94.TDCODE, CWE.94.DCEMSL, CWE.94.ASAPI |
CWE-863 | Incorrect Authorization | CWE.863.DSR, CWE.863.SRCD |
CWE-276 | Incorrect Default Permissions | CWE.276.ASNF, CWE.276.CFAP |

CWE Weaknesses On the Cusp 2024 Mapping
ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-770 | Allocation of Resources Without Limits or Throttling | CWE.770.TDALLOC, CWE.770.ISTART |
CWE-668 | Exposure of Resource to Wrong Sphere | CWE.668.SENS, CWE.668.SENSLOG, CWE.668.TDINPUT, CWE.668.TDLIB, CWE.668.TDPASSWD, CWE.668.RR, CWE.668.UPWD, CWE.668.MFP, CWE.668.IMM, CWE.668.PSFA, CWE.668.PLAIN, CWE.668.SYSP, CWE.668.SPFF, CWE.668.CONSEN, CWE.668.PEO, CWE.668.RA, CWE.668.SIF, CWE.668.SIO, CWE.668.ATF, CWE.668.PCCF, CWE.668.PTPT, CWE.668.PWDPROP, CWE.668.PWDXML, CWE.668.UTAX, CWE.668.WCPWD, CWE.668.WPWD, CWE.668.ACPST, CWE.668.APIBS, CWE.668.ASNF, CWE.668.CFAP, CWE.668.CKTS, CWE.668.CLONE, CWE.668.EWSSEC, CWE.668.IDP, CWE.668.INNER, CWE.668.PBRTE, CWE.668.SCHTTP, CWE.668.SER, CWE.668.USC, CWE.668.UCO |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | CWE.74.EACM, CWE.74.TDCMD, CWE.74.TDCODE, CWE.74.TDDIG, CWE.74.TDJXPATH, CWE.74.TDLDAP, CWE.74.TDNET, CWE.74.TDRESP, CWE.74.TDSQL, CWE.74.TDXML, CWE.74.TDXPATH, CWE.74.TDXSS, CWE.74.VPPD, CWE.74.UPS, CWE.74.XPIJ, CWE.74.DCEMSL, CWE.74.ARXML, CWE.74.ASAPI, CWE.74.DFV |
CWE-427 | Uncontrolled Search Path Element | CWE.427.PBRTE |
CWE-639 | Authorization Bypass Through User-Controlled Key | N/A |
CWE-532 | Insertion of Sensitive Information into Log File | CWE.532.SENSLOG, CWE.532.CONSEN |
CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE.732.ASNF, CWE.732.CFAP, CWE.732.IDP, CWE.732.SCHTTP |
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE.601.TDNET, CWE.601.TDRESP, CWE.601.VRD, CWE.601.UCO |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE.362.TOCTOU, CWE.362.DCL |
CWE-522 | Insufficiently Protected Credentials | CWE.522.TDPASSWD, CWE.522.UPWD, CWE.522.PLAIN, CWE.522.PCCF, CWE.522.PTPT, CWE.522.PWDPROP, CWE.522.PWDXML, CWE.522.UTAX, CWE.522.WCPWD, CWE.522.WPWD, CWE.522.CKTS, CWE.522.USC |
CWE-276 | Incorrect Default Permissions | CWE.276.ASNF, CWE.276.CFAP |
CWE-203 | Observable Discrepancy | N/A |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE.59.FOLLOW, CWE.59.LNK |
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | CWE.843.EQUS |
CWE-312 | Cleartext Storage of Sensitive Information | CWE.312.PLAIN, CWE.312.PLC, CWE.312.PWDPROP |

CWE Weaknesses On the Cusp 2023 Mapping
ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-617 | Reachable Assertion | CWE.617.ASSERT |
CWE-427 | Uncontrolled Search Path Element | CWE.427.PBRTE |
CWE-611 | Improper Restriction of XML External Entity Reference | CWE.611.XMLVAL, CWE.611.DXXE |
CWE-770 | Allocation of Resources Without Limits or Throttling | CWE.770.TDALLOC, CWE.770.ISTART |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | CWE.200.SENS, CWE.200.SENSLOG, CWE.200.CONSEN, CWE.200.PEO, CWE.200.SIO, CWE.200.ACPST, CWE.200.EWSSEC |
CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE.732.ASNF, CWE.732.CFAP, CWE.732.IDP, CWE.732.SCHTTP |
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE.601.TDNET, CWE.601.TDRESP, CWE.601.VRD, CWE.601.UCO |
CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | N/A |
CWE-295 | Improper Certificate Validation | CWE.295.HV, CWE.295.VSI |
CWE-522 | Insufficiently Protected Credentials | CWE.522.TDPASSWD, CWE.522.UPWD, CWE.522.PLAIN, CWE.522.PCCF, CWE.522.PTPT, CWE.522.PWDPROP, CWE.522.PWDXML, CWE.522.UTAX, CWE.522.WCPWD, CWE.522.WPWD, CWE.522.CKTS, CWE.522.USC |
CWE-401 | Missing Release of Memory after Effective Lifetime | N/A |
CWE-400 | Uncontrolled Resource Consumption | CWE.400.LEAKS, CWE.400.TDALLOC, CWE.400.USB, CWE.400.DMDS, CWE.400.ISTART |
CWE-639 | Authorization Bypass Through User-Controlled Key | N/A |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE.59.FOLLOW, CWE.59.LNK |
CWE-668 | Exposure of Resource to Wrong Sphere | CWE.668.ASNF, CWE.668.CFAP, CWE.668.SENS, CWE.668.SENSLOG, CWE.668.TDFNAMES, CWE.668.TDINPUT, CWE.668.TDLIB, CWE.668.TDPASSWD, CWE.668.RR, CWE.668.UPWD, CWE.668.MFP, CWE.668.IMM, CWE.668.PSFA, CWE.668.PLAIN, CWE.668.SYSP, CWE.668.SPFF, CWE.668.CONSEN, CWE.668.PEO, CWE.668.RA, CWE.668.SIF, CWE.668.SIO, CWE.668.ATF, CWE.668.PCCF, CWE.668.PTPT, CWE.668.PWDPROP, CWE.668.PWDXML, CWE.668.UTAX, CWE.668.WCPWD, CWE.668.WPWD, CWE.668.ACPST, CWE.668.APIBS, CWE.668.CKTS, CWE.668.CLONE, CWE.668.EWSSEC, CWE.668.IDP, CWE.668.INNER, CWE.668.PBRTE, CWE.668.SCHTTP, CWE.668.SER, CWE.668.USC, CWE.668.UCO |

CWE 4.17 Mapping
ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length | CWE.6.SLID |
CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | CWE.7.SEP |
CWE-8 | J2EE Misconfiguration: Entity Bean Declared Remote | CWE.8.RR |
CWE-9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | CWE.9.DPANY |
CWE-15 | External Control of System or Configuration Setting | CWE.15.SYSP, CWE.15.UCO |
CWE-20 | Improper Input Validation | CWE-111.NATV, CWE-111.NATIW, CWE-109.EV, CWE-106.PLUGIN, CWE-104.AEAF, CWE-102.DFV, CWE-103.CSVFV, CWE-134.TDINPUT, CWE-113.TDRESP, CWE-470.TDRFL, CWE-470.APIBS, CWE-190.INTWRAP, CWE-190.BSA, CWE-190.CACO, CWE-190.CLP, CWE-190.ICO, CWE-190.IOF, CWE-114.TDLIB, CWE-114.APIBS, CWE-117.TDLOG, CWE-129.ARRAY, CWE-129.ARRAYSEC, CWE-129.CAI, CWE-15.SYSP, CWE-15.UCO |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE.22.TDFNAMES |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE-64.LNK, CWE-61.FOLLOW |
CWE-61 | UNIX Symbolic Link (Symlink) Following | CWE.61.FOLLOW |
CWE-64 | Windows Shortcut Following (.LNK) | CWE.64.LNK |
CWE-73 | External Control of File Name or Path | CWE-114.TDLIB, CWE-114.APIBS |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | CWE-89.TDSQL, CWE-89.UPS, CWE-99.TDNET, CWE-94.DCEMSL, CWE-94.ASAPI, CWE-79.EACM, CWE-79.TDRESP, CWE-79.TDXSS, CWE-79.VPPD, CWE-78.TDCMD, CWE-91.TDXML |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE-78.TDCMD |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE.78.TDCMD |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE.79.EACM, CWE.79.TDRESP, CWE.79.TDXSS, CWE.79.VPPD, CWE-83.ARXML, CWE-80.TDDIG, CWE-80.TDXML, CWE-80.ARXML, CWE-81.ARXML |
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | CWE.80.TDDIG, CWE.80.TDXML, CWE.80.ARXML |
CWE-81 | Improper Neutralization of Script in an Error Message Web Page | CWE.81.ARXML |
CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | CWE.83.ARXML |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE.89.TDSQL, CWE.89.UPS |
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | CWE.90.TDLDAP |
CWE-91 | XML Injection (aka Blind XPath Injection) | CWE.91.TDXML, CWE-652.TDXPATH, CWE-652.XPIJ, CWE-643.TDJXPATH, CWE-643.TDXPATH |
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | CWE-113.TDRESP |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | CWE.94.DCEMSL, CWE.94.ASAPI, CWE-95.TDCODE |
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | CWE.95.TDCODE |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | CWE.99.TDNET |
CWE-102 | Struts: Duplicate Validation Forms | CWE.102.DFV |
CWE-103 | Struts: Incomplete validate() Method Definition | CWE.103.CSVFV |
CWE-104 | Struts: Form Bean Does Not Extend Validation Class | CWE.104.AEAF |
CWE-106 | Struts: Plug-in Framework not in Use | CWE.106.PLUGIN |
CWE-109 | Struts: Validator Turned Off | CWE.109.EV |
CWE-111 | Direct Use of Unsafe JNI | CWE.111.NATV, CWE.111.NATIW |
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | CWE.113.TDRESP |
CWE-114 | Process Control | CWE.114.TDLIB, CWE.114.APIBS |
CWE-116 | Improper Encoding or Escaping of Output | CWE-644.TDRESP, CWE-838.SEO, CWE-117.TDLOG |
CWE-117 | Improper Output Neutralization for Logs | CWE.117.TDLOG |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE-125.ARRAY, CWE-125.ARRAYSEC, CWE-787.ARRAY, CWE-787.ARRAYSEC |
CWE-125 | Out-of-bounds Read | CWE.125.ARRAY, CWE.125.ARRAYSEC |
CWE-128 | Wrap-around Error | CWE.128.CACO |
CWE-129 | Improper Validation of Array Index | CWE.129.ARRAY, CWE.129.ARRAYSEC, CWE.129.CAI |
CWE-131 | Incorrect Calculation of Buffer Size | CWE.131.ARRAY |
CWE-134 | Use of Externally-Controlled Format String | CWE.134.TDINPUT |
CWE-172 | Encoding Error | CWE-173.SEO, CWE-176.NCUCP |
CWE-173 | Improper Handling of Alternate Encoding | CWE.173.SEO |
CWE-176 | Improper Handling of Unicode Encoding | CWE.176.NCUCP |
CWE-185 | Incorrect Regular Expression | CWE.185.REP |
CWE-188 | Reliance on Data/Memory Layout | CWE-198.PMRWLED |
CWE-190 | Integer Overflow or Wraparound | CWE.190.INTWRAP, CWE.190.BSA, CWE.190.CACO, CWE.190.CLP, CWE.190.ICO, CWE.190.IOF, CWE-680.BSA |
CWE-191 | Integer Underflow (Wrap or Wraparound) | CWE.191.INTWRAP, CWE.191.BSA |
CWE-193 | Off-by-one Error | CWE.193.AOBO |
CWE-197 | Numeric Truncation Error | CWE.197.INTDL |
CWE-198 | Use of Incorrect Byte Ordering | CWE.198.PMRWLED |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | CWE-532.SENSLOG, CWE-532.CONSEN, CWE-359.CONSEN, CWE-497.SENS, CWE-497.PEO, CWE-213.CONSEN, CWE-215.EWSSEC, CWE-209.SENS, CWE-209.PEO, CWE-209.SIO, CWE-209.ACPST |
CWE-209 | Generation of Error Message Containing Sensitive Information | CWE.209.SENS, CWE.209.PEO, CWE.209.SIO, CWE.209.ACPST |
CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | CWE.212.FT |
CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | CWE.213.CONSEN |
CWE-215 | Insertion of Sensitive Information Into Debugging Code | CWE.215.EWSSEC |
CWE-221 | Information Loss or Omission | CWE-397.NTX, CWE-397.NTERR, CWE-396.NCE |
CWE-223 | Omission of Security-relevant Information | CWE-778.ENFL |
CWE-245 | J2EE Bad Practices: Direct Management of Connections | CWE.245.JDBCTEMPLATE |
CWE-246 | J2EE Bad Practices: Direct Use of Sockets | CWE.246.AUS, CWE.246.NSF, CWE.246.SS |
CWE-248 | Uncaught Exception | CWE-600.CETS |
CWE-250 | Execution with Unnecessary Privileges | CWE.250.LDP, CWE.250.PCL |
CWE-252 | Unchecked Return Value | CWE.252.CHECKRET, CWE.252.CRRV |
CWE-256 | Plaintext Storage of a Password | CWE.256.TDPASSWD, CWE.256.UPWD, CWE.256.PLAIN, CWE.256.PCCF, CWE.256.PTPT, CWE.256.PWDPROP, CWE.256.PWDXML, CWE.256.UTAX, CWE.256.WCPWD, CWE.256.WPWD |
CWE-258 | Empty Password in Configuration File | CWE.258.PWDPROP |
CWE-260 | Password in Configuration File | CWE.260.UTAX, CWE-555.PWDXML, CWE-258.PWDPROP |
CWE-261 | Weak Encoding for Password | CWE.261.CKTS |
CWE-266 | Incorrect Privilege Assignment | CWE-9.DPANY |
CWE-269 | Improper Privilege Management | CWE-250.LDP, CWE-250.PCL |
CWE-276 | Incorrect Default Permissions | CWE.276.ASNF, CWE.276.CFAP |
CWE-279 | Incorrect Execution-Assigned Permissions | CWE.279.IDP |
CWE-284 | Improper Access Control | CWE-863.DSR, CWE-863.SRCD, CWE-862.PERMIT, CWE-862.LCA, CWE-749.DPAM, CWE-749.DPPM, CWE-749.SPAM, CWE-346.JXCORS |
CWE-285 | Improper Authorization | CWE-863.DSR, CWE-863.SRCD, CWE-862.PERMIT, CWE-862.LCA |
CWE-287 | Improper Authentication | CWE-521.MLVP, CWE-798.HCCS, CWE-290.HTTPRHA, CWE-295.HV, CWE-306.SSM, CWE-307.PBFA |
CWE-290 | Authentication Bypass by Spoofing | CWE.290.HTTPRHA, CWE-350.DNSL |
CWE-295 | Improper Certificate Validation | CWE.295.HV, CWE-297.VSI |
CWE-297 | Improper Validation of Certificate with Host Mismatch | CWE.297.VSI |
CWE-306 | Missing Authentication for Critical Function | CWE.306.SSM |
CWE-307 | Improper Restriction of Excessive Authentication Attempts | CWE.307.PBFA |
CWE-311 | Missing Encryption of Sensitive Data | CWE.311.SENS, CWE.311.PWDXML, CWE-312.PWDPROP, CWE-319.HTTPS, CWE-319.USC |
CWE-312 | Cleartext Storage of Sensitive Information | CWE.312.PWDPROP, CWE-315.PLC, CWE-313.PLAIN |
CWE-313 | Cleartext Storage in a File or on Disk | CWE.313.PLAIN |
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie | CWE.315.PLC |
CWE-319 | Cleartext Transmission of Sensitive Information | CWE.319.HTTPS, CWE.319.USC, CWE-614.UOSC, CWE-1428.UHTTPS |
CWE-321 | Use of Hard-coded Cryptographic Key | CWE.321.HCCK |
CWE-325 | Missing Cryptographic Step | CWE.325.MCMDU, CWE.325.SIKG |
CWE-326 | Inadequate Encryption Strength | CWE-328.AISSAJAVA, CWE-328.AISSAXML, CWE-328.AUNC, CWE-328.ICA, CWE-328.MDSALT, CWE-328.SRD |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | CWE.327.ACMD, CWE-328.AISSAJAVA, CWE-328.AISSAXML, CWE-328.AUNC, CWE-328.ICA, CWE-328.MDSALT, CWE-328.SRD |
CWE-328 | Use of Weak Hash | CWE.328.AISSAJAVA, CWE.328.AISSAXML, CWE.328.AUNC, CWE.328.ICA, CWE.328.MDSALT, CWE.328.SRD |
CWE-329 | Generation of Predictable IV with CBC Mode | CWE.329.ENPP, CWE.329.IVR |
CWE-330 | Use of Insufficiently Random Values | CWE-338.SRD |
CWE-334 | Small Space of Random Values | CWE-6.SLID |
CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | CWE-337.ENPP, CWE-336.ENPP |
CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | CWE.336.ENPP |
CWE-337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | CWE.337.ENPP |
CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CWE.338.SRD |
CWE-344 | Use of Invariant Value in Dynamically Changing Context | CWE-798.HCCS |
CWE-345 | Insufficient Verification of Data Authenticity | CWE-352.EACM, CWE-352.TDRESP, CWE-352.TDXSS, CWE-352.VPPD, CWE-352.UOSC, CWE-352.DCSRFJAVA, CWE-352.DCSRFXML, CWE-352.REQMAP, CWE-346.JXCORS, CWE-347.VJFS |
CWE-346 | Origin Validation Error | CWE.346.JXCORS, CWE-1385.WS |
CWE-347 | Improper Verification of Cryptographic Signature | CWE.347.VJFS |
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | CWE.350.DNSL |
CWE-352 | Cross-Site Request Forgery (CSRF) | CWE.352.EACM, CWE.352.TDRESP, CWE.352.TDXSS, CWE.352.VPPD, CWE.352.UOSC, CWE.352.DCSRFJAVA, CWE.352.DCSRFXML, CWE.352.REQMAP |
CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | CWE.359.CONSEN |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE.362.DCL, CWE-367.TOCTOU |
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | CWE.367.TOCTOU |
CWE-369 | Divide By Zero | CWE.369.ZERO |
CWE-375 | Returning a Mutable Object to an Untrusted Caller | CWE.375.RA |
CWE-377 | Insecure Temporary File | CWE.377.ATF |
CWE-382 | J2EE Bad Practices: Use of System.exit() | CWE.382.EXIT, CWE.382.JVM |
CWE-383 | J2EE Bad Practices: Direct Use of Threads | CWE.383.THR |
CWE-384 | Session Fixation | CWE.384.ISL |
CWE-390 | Detection of Error Condition Without Action | CWE.390.LGE |
CWE-391 | Unchecked Error Condition | CWE.391.AECB |
CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | CWE.395.NCNPE |
CWE-396 | Declaration of Catch for Generic Exception | CWE.396.NCE |
CWE-397 | Declaration of Throws for Generic Exception | CWE.397.NTX, CWE.397.NTERR |
CWE-400 | Uncontrolled Resource Consumption | CWE.400.DMDS, CWE-771.LEAKS, CWE-770.ISTART |
CWE-404 | Improper Resource Shutdown or Release | CWE.404.COCO, CWE.404.ODBIL, CWE.404.CRWD, CWE-772.LEAKS, CWE-772.CLOSE, CWE-459.LEAKS |
CWE-413 | Improper Resource Locking | CWE.413.LORD |
CWE-416 | Use After Free | CWE.416.FREE |
CWE-426 | Untrusted Search Path | CWE.426.PBRTE |
CWE-427 | Uncontrolled Search Path Element | CWE.427.PBRTE |
CWE-434 | Unrestricted Upload of File with Dangerous Type | CWE.434.TDFNAMES |
CWE-436 | Interpretation Conflict | CWE-113.TDRESP |
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | CWE-918.TDNET |
CWE-456 | Missing Initialization of a Variable | CWE.456.LV |
CWE-457 | Use of Uninitialized Variable | CWE.457.NP, CWE.457.NOTEXPLINIT, CWE.457.NOTINITCTOR, CWE.457.UIRC |
CWE-459 | Incomplete Cleanup | CWE.459.LEAKS, CWE-568.FCF |
CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | CWE.470.TDRFL, CWE.470.APIBS |
CWE-471 | Modification of Assumed-Immutable Data (MAID) | CWE-607.IMM, CWE-607.RMO |
CWE-476 | NULL Pointer Dereference | CWE.476.NP |
CWE-477 | Use of Obsolete Function | CWE.477.DPRAPI |
CWE-478 | Missing Default Case in Multiple Condition Expression | CWE.478.PDS |
CWE-480 | Use of Incorrect Operator | CWE-481.ASI |
CWE-481 | Assigning instead of Comparing | CWE.481.ASI |
CWE-483 | Incorrect Block Delimitation | CWE.483.BLK, CWE.483.EBI, CWE.483.EB |
CWE-484 | Omitted Break Statement in Switch | CWE.484.SBC, CWE.484.DAV |
CWE-486 | Comparison of Classes by Name | CWE.486.AUG, CWE.486.CMP |
CWE-487 | Reliance on Package-level Scope | CWE.487.AF |
CWE-491 | Public cloneable() Method Without Final ('Object Hijack') | CWE.491.CLONE |
CWE-492 | Use of Inner Class Containing Sensitive Data | CWE.492.INNER |
CWE-493 | Critical Public Variable Without Final Modifier | CWE-500.SPFF |
CWE-495 | Private Data Structure Returned From A Public Method | CWE.495.RA |
CWE-496 | Public Data Assigned to Private Array-Typed Field | CWE.496.CAP |
CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | CWE.497.SENS, CWE.497.PEO |
CWE-499 | Serializable Class Containing Sensitive Data | CWE.499.SIF, CWE.499.SER |
CWE-500 | Public Static Field Not Marked Final | CWE.500.SPFF |
CWE-501 | Trust Boundary Violation | CWE.501.TDSESSION |
CWE-502 | Deserialization of Untrusted Data | CWE.502.SSSD, CWE.502.MASP, CWE.502.AUXD, CWE.502.SC, CWE.502.RWAF, CWE.502.VOBD |
CWE-506 | Embedded Malicious Code | CWE.506.HCCK, CWE-511.RDM |
CWE-511 | Logic/Time Bomb | CWE.511.RDM |
CWE-521 | Weak Password Requirements | CWE.521.MLVP, CWE-258.PWDPROP |
CWE-522 | Insufficiently Protected Credentials | CWE-523.USC, CWE-261.CKTS, CWE-260.UTAX, CWE-256.TDPASSWD, CWE-256.UPWD, CWE-256.PLAIN, CWE-256.PCCF, CWE-256.PTPT, CWE-256.PWDPROP, CWE-256.PWDXML, CWE-256.UTAX, CWE-256.WCPWD, CWE-256.WPWD |
CWE-523 | Unprotected Transport of Credentials | CWE.523.USC |
CWE-532 | Insertion of Sensitive Information into Log File | CWE.532.SENSLOG, CWE.532.CONSEN |
CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | CWE-532.SENSLOG, CWE-532.CONSEN |
CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | CWE.543.IASF, CWE.543.ILI |
CWE-546 | Suspicious Comment | CWE.546.TODOJAVA, CWE.546.TODOPROP, CWE.546.TODOXML |
CWE-555 | J2EE Misconfiguration: Plaintext Password in Configuration File | CWE.555.PWDXML |
CWE-561 | Dead Code | CWE.561.CC, CWE.561.SWITCH, CWE.561.PM |
CWE-563 | Assignment to Variable without Use | CWE.563.VOVR, CWE.563.UPPF, CWE.563.AURV, CWE.563.PF, CWE.563.UP |
CWE-568 | finalize() Method Without super.finalize() | CWE.568.FCF |
CWE-570 | Expression is Always False | CWE.570.CC, CWE.570.UCIF |
CWE-571 | Expression is Always True | CWE.571.CC, CWE.571.UCIF |
CWE-572 | Call to Thread run() instead of start() | CWE.572.IRUN |
CWE-573 | Improper Following of Specification by Caller | CWE-581.OVERRIDE, CWE-104.AEAF, CWE-103.CSVFV, CWE-577.AUS, CWE-580.SCLONE, CWE-325.MCMDU, CWE-325.SIKG, CWE-568.FCF, CWE-579.ONS, CWE-579.SNSO, CWE-578.ACL, CWE-329.ENPP, CWE-329.IVR |
CWE-576 | EJB Bad Practices: Use of Java I/O | CWE.576.JIO |
CWE-577 | EJB Bad Practices: Use of Sockets | CWE.577.AUS |
CWE-578 | EJB Bad Practices: Use of Class Loader | CWE.578.ACL |
CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session | CWE.579.ONS, CWE.579.SNSO |
CWE-580 | clone() Method Without super.clone() | CWE.580.SCLONE |
CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined | CWE.581.OVERRIDE |
CWE-582 | Array Declared Public, Final, and Static | CWE.582.IMM, CWE.582.PSFA |
CWE-583 | finalize() Method Declared Public | CWE.583.MFP |
CWE-584 | Return Inside Finally Block | CWE.584.ARCF |
CWE-585 | Empty Synchronized Block | CWE.585.SNE |
CWE-586 | Explicit Call to Finalize() | CWE.586.NCF |
CWE-594 | J2EE Framework: Saving Unserializable Objects to Disk | CWE.594.SIVS |
CWE-595 | Comparison of Object References Instead of Object Contents | CWE.595.UEIC |
CWE-600 | Uncaught Exception in Servlet | CWE.600.CETS |
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE.601.TDNET, CWE.601.TDRESP, CWE.601.VRD, CWE.601.UCO |
CWE-605 | Multiple Binds to the Same Port | CWE.605.HCNA |
CWE-607 | Public Static Final Field References Mutable Object | CWE.607.IMM, CWE.607.RMO |
CWE-609 | Double-Checked Locking | CWE.609.DCL |
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | CWE-601.TDNET, CWE-601.TDRESP, CWE-601.VRD, CWE-601.UCO, CWE-470.TDRFL, CWE-470.APIBS, CWE-918.TDNET, CWE-15.SYSP, CWE-15.UCO, CWE-384.ISL, CWE-611.XMLVAL, CWE-611.DXXE |
CWE-611 | Improper Restriction of XML External Entity Reference | CWE.611.XMLVAL, CWE.611.DXXE |
CWE-613 | Insufficient Session Expiration | CWE.613.RUIM, CWE.613.STTL |
CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CWE.614.UOSC |
CWE-617 | Reachable Assertion | CWE.617.ASSERT |
CWE-642 | External Control of Critical State Data | CWE-15.SYSP, CWE-15.UCO, CWE-426.PBRTE |
CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | CWE.643.TDJXPATH, CWE.643.TDXPATH |
CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax | CWE.644.TDRESP |
CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | CWE.652.TDXPATH, CWE.652.XPIJ |
CWE-657 | Violation of Secure Design Principles | CWE-250.LDP, CWE-250.PCL |
CWE-662 | Improper Synchronization | CWE.662.DIFCS, CWE-543.IASF, CWE-543.ILI, CWE-833.ORDER, CWE-833.TSHL, CWE-833.CSFS, CWE-833.RLF, CWE-833.STR, CWE-833.UWNA, CWE-764.DLOCK, CWE-667.LOCK, CWE-667.CLOSE |
CWE-664 | Improper Control of a Resource Through its Lifetime | CWE-487.AF, CWE-580.SCLONE, CWE-662.DIFCS, CWE-704.AGBPT, CWE-704.CPTS, CWE-495.RA, CWE-496.CAP, CWE-400.DMDS, CWE-404.COCO, CWE-404.ODBIL, CWE-404.CRWD, CWE-501.TDSESSION |
CWE-665 | Improper Initialization | CWE-456.LV, CWE-770.ISTART, CWE-457.NP, CWE-457.NOTEXPLINIT, CWE-457.NOTINITCTOR, CWE-457.UIRC |
CWE-666 | Operation on Resource in Wrong Phase of Lifetime | CWE-605.HCNA |
CWE-667 | Improper Locking | CWE.667.LOCK, CWE.667.CLOSE, CWE-413.LORD, CWE-832.LORD, CWE-833.ORDER, CWE-833.TSHL, CWE-833.CSFS, CWE-833.RLF, CWE-833.STR, CWE-833.UWNA, CWE-609.DCL, CWE-764.DLOCK |
CWE-668 | Exposure of Resource to Wrong Sphere | CWE-375.RA, CWE-377.ATF, CWE-499.SIF, CWE-499.SER, CWE-134.TDINPUT, CWE-491.CLONE, CWE-492.INNER, CWE-427.PBRTE, CWE-426.PBRTE, CWE-8.RR, CWE-582.IMM, CWE-582.PSFA, CWE-583.MFP |
CWE-669 | Incorrect Resource Transfer Between Spheres | CWE-829.TDFILES, CWE-829.TDFNAMES, CWE-829.TDLIB, CWE-829.TDXPATH, CWE-434.TDFNAMES, CWE-212.FT |
CWE-670 | Always-Incorrect Control Flow Implementation | CWE-483.BLK, CWE-483.EBI, CWE-483.EB, CWE-484.SBC, CWE-484.DAV, CWE-617.ASSERT |
CWE-671 | Lack of Administrator Control over Security | CWE-798.HCCS |
CWE-672 | Operation on a Resource after Expiration or Release | CWE-416.FREE, CWE-613.RUIM, CWE-613.STTL |
CWE-673 | External Influence of Sphere Definition | CWE-426.PBRTE |
CWE-674 | Uncontrolled Recursion | CWE.674.FLRC |
CWE-675 | Multiple Operations on Resource in Single-Operation Context | CWE-764.DLOCK, CWE-605.HCNA |
CWE-676 | Use of Potentially Dangerous Function | CWE.676.SRD |
CWE-680 | Integer Overflow to Buffer Overflow | CWE.680.BSA |
CWE-681 | Incorrect Conversion between Numeric Types | CWE.681.INTVC, CWE.681.CLP, CWE.681.IDCD, CWE-197.INTDL |
CWE-682 | Incorrect Calculation | CWE-369.ZERO, CWE-131.ARRAY, CWE-128.CACO, CWE-191.INTWRAP, CWE-191.BSA, CWE-190.INTWRAP, CWE-190.BSA, CWE-190.CACO, CWE-190.CLP, CWE-190.ICO, CWE-190.IOF, CWE-193.AOBO |
CWE-691 | Insufficient Control Flow Management | CWE.691.ANL, CWE-362.DCL, CWE-841.PERMIT, CWE-662.DIFCS |
CWE-693 | Protection Mechanism Failure | CWE-807.PLC, CWE-807.HGRSI, CWE-807.UOSC, CWE-311.SENS, CWE-311.PWDXML, CWE-327.ACMD |
CWE-694 | Use of Multiple Resources with Duplicate Identifier | CWE-102.DFV |
CWE-695 | Use of Low-Level Functionality | CWE-111.NATV, CWE-111.NATIW, CWE-245.JDBCTEMPLATE, CWE-383.THR, CWE-246.AUS, CWE-246.NSF, CWE-246.SS, CWE-576.JIO |
CWE-697 | Incorrect Comparison | CWE-185.REP, CWE-581.OVERRIDE, CWE-1077.DCF |
CWE-703 | Improper Check or Handling of Exceptional Conditions | CWE-397.NTX, CWE-397.NTERR, CWE-391.AECB, CWE-755.CIET |
CWE-704 | Incorrect Type Conversion or Cast | CWE.704.AGBPT, CWE.704.CPTS, CWE-681.INTVC, CWE-681.CLP, CWE-681.IDCD, CWE-843.EQUS |
CWE-705 | Incorrect Control Flow Scoping | CWE-397.NTX, CWE-397.NTERR, CWE-396.NCE, CWE-395.NCNPE, CWE-382.EXIT, CWE-382.JVM, CWE-584.ARCF |
CWE-706 | Use of Incorrectly-Resolved Name or Reference | CWE-22.TDFNAMES |
CWE-710 | Improper Adherence to Coding Standards | CWE-484.SBC, CWE-484.DAV, CWE-476.NP, CWE-477.DPRAPI, CWE-571.CC, CWE-571.UCIF, CWE-570.CC, CWE-570.UCIF, CWE-1066.OROM, CWE-1126.DVCU |
CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE-276.ASNF, CWE-276.CFAP, CWE-1004.SCHTTP, CWE-279.IDP |
CWE-749 | Exposed Dangerous Method or Function | CWE.749.DPAM, CWE.749.DPPM, CWE.749.SPAM |
CWE-754 | Improper Check for Unusual or Exceptional Conditions | CWE-476.NP, CWE-391.AECB, CWE-252.CHECKRET, CWE-252.CRRV |
CWE-755 | Improper Handling of Exceptional Conditions | CWE.755.CIET, CWE-396.NCE, CWE-395.NCNPE, CWE-390.LGE, CWE-209.SENS, CWE-209.PEO, CWE-209.SIO, CWE-209.ACPST |
...
CWE-756
...
Missing Custom Error Page
...
- CWE-7.SEP
...
CWE-758
...
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
...
- CWE-1102.DNHCP
- CWE-1102.LNSP
- CWE-1102.PEER
...
CWE-759
...
Use of a One-Way Hash without a Salt
...
- CWE.759.MDSALT
...
CWE-764
...
Multiple Locks of a Critical Resource
...
- CWE.764.DLOCK
...
CWE-770
...
Allocation of Resources Without Limits or Throttling
...
- CWE.770.ISTART
- CWE-789.TDALLOC
...
CWE-771
...
Missing Reference to Active Allocated Resource
...
- CWE.771.LEAKS
...
CWE-772
...
Missing Release of Resource after Effective Lifetime
...
- CWE.772.LEAKS
- CWE.772.CLOSE
...
CWE-778
...
Insufficient Logging
...
- CWE.778.ENFL
...
CWE-787
...
Out-of-bounds Write
...
- CWE.787.ARRAY
- CWE.787.ARRAYSEC
...
CWE-789
...
Memory Allocation with Excessive Size Value
...
- CWE.789.TDALLOC
...
CWE-798
...
Use of Hard-coded Credentials
...
- CWE.798.HCCS
- CWE-321.HCCK
...
CWE-799
...
Improper Control of Interaction Frequency
...
- CWE-307.PBFA
...
CWE-805
...
Buffer Access with Incorrect Length Value
...
- CWE-806.BUSSB
...
CWE-806
...
Buffer Access Using Size of Source Buffer
...
- CWE.806.BUSSB
...
CWE-807
...
Reliance on Untrusted Inputs in a Security Decision
...
- CWE.807.PLC
- CWE.807.HGRSI
- CWE.807.UOSC
- CWE-350.DNSL
...
CWE-820
...
Missing Synchronization
...
- CWE-543.IASF
- CWE-543.ILI
...
CWE-821
...
Incorrect Synchronization
...
- CWE-572.IRUN
...
CWE-825
...
Expired Pointer Dereference
...
- CWE-416.FREE
...
CWE-829
...
Inclusion of Functionality from Untrusted Control Sphere
...
- CWE.829.TDFILES
- CWE.829.TDFNAMES
- CWE.829.TDLIB
- CWE.829.TDXPATH
...
CWE-832
...
Unlock of a Resource that is not Locked
...
- CWE.832.LORD
...
CWE-833
...
Deadlock
...
- CWE.833.ORDER
- CWE.833.TSHL
- CWE.833.CSFS
- CWE.833.RLF
- CWE.833.STR
- CWE.833.UWNA
...
CWE-834
...
Excessive Iteration
...
- CWE-674.FLRC
- CWE-835.PCIF
- CWE-835.AIL
...
CWE-835
...
Loop with Unreachable Exit Condition ('Infinite Loop')
...
- CWE.835.PCIF
- CWE.835.AIL
...
CWE-836
...
Use of Password Hash Instead of Password for Authentication
...
- CWE.836.PLAIN
...
CWE-838
...
Inappropriate Encoding for Output Context
...
- CWE.838.SEO
...
CWE-841
...
Improper Enforcement of Behavioral Workflow
...
- CWE.841.PERMIT
...
CWE-843
...
Access of Resource Using Incompatible Type ('Type Confusion')
...
- CWE.843.EQUS
...
CWE-862
...
Missing Authorization
...
- CWE.862.PERMIT
- CWE.862.LCA
...
CWE-863
...
Incorrect Authorization
...
- CWE.863.DSR
- CWE.863.SRCD
...
CWE-908
...
Use of Uninitialized Resource
...
- CWE-457.NP
- CWE-457.NOTEXPLINIT
- CWE-457.NOTINITCTOR
- CWE-457.UIRC
...
CWE-909
...
Missing Initialization of Resource
...
- CWE-456.LV
...
CWE-912
...
Hidden Functionality
...
- CWE-506.HCCK
...
CWE-913
...
Improper Control of Dynamically-Managed Code Resources
...
- CWE-470.TDRFL
- CWE-470.APIBS
- CWE-502.SSSD
- CWE-502.MASP
- CWE-502.AUXD
- CWE-502.SC
- CWE-502.RWAF
- CWE-502.VOBD
- CWE-94.DCEMSL
- CWE-94.ASAPI
...
CWE-916
...
Use of Password Hash With Insufficient Computational Effort
...
- CWE-759.MDSALT
...
CWE-918
...
Server-Side Request Forgery (SSRF)
...
- CWE.918.TDNET
...
CWE-922
...
Insecure Storage of Sensitive Information
...
- CWE-312.PWDPROP
...
CWE-923
...
Improper Restriction of Communication Channel to Intended Endpoints
...
- CWE-297.VSI
...
CWE-943
...
Improper Neutralization of Special Elements in Data Query Logic
...
- CWE-652.TDXPATH
- CWE-652.XPIJ
- CWE-90.TDLDAP
- CWE-643.TDJXPATH
- CWE-643.TDXPATH
- CWE-89.TDSQL
- CWE-89.UPS
...
CWE-1004
...
Sensitive Cookie Without 'HttpOnly' Flag
...
- CWE.1004.SCHTTP
...
CWE-1023
...
Incomplete Comparison with Missing Factors
...
- CWE-478.PDS
...
CWE-1025
...
Comparison Using Wrong Factors
...
- CWE-595.UEIC
- CWE-486.AUG
- CWE-486.CMP
...
CWE-1046
...
Creation of Immutable Text Using String Concatenation
...
- CWE.1046.USB
...
CWE-1051
...
Initialization with Hard-Coded Network Resource Configuration Data
...
- CWE.1051.HCNA
...
CWE-1066
...
Missing Serialization Control Element
...
- CWE.1066.OROM
...
CWE-1069
...
Empty Exception Block
...
- CWE.1069.AECB
...
CWE-1071
...
Empty Code Block
...
- CWE-1069.AECB
- CWE-585.SNE
...
CWE-1075
...
Unconditional Control Flow Transfer outside of Switch Block
...
- CWE.1075.ABCL
...
CWE-1076
...
Insufficient Adherence to Expected Conventions
...
- CWE-594.SIVS
- CWE-586.NCF
...
CWE-1077
...
Floating Point Comparison with Incorrect Operator
...
- CWE.1077.DCF
...
CWE-1078
...
Inappropriate Source Code Style or Formatting
...
- CWE-546.TODOJAVA
- CWE-546.TODOPROP
- CWE-546.TODOXML
- CWE-1115.MCH
- CWE-1106.USN
...
CWE-1102
...
Reliance on Machine-Dependent Data Representation
...
- CWE.1102.DNHCP
- CWE.1102.LNSP
- CWE.1102.PEER
...
CWE-1106
...
Insufficient Use of Symbolic Constants
...
- CWE.1106.USN
...
CWE-1115
...
Source Code Element without Standard Prologue
...
- CWE.1115.MCH
...
CWE-1120
...
Excessive Code Complexity
...
- CWE-1075.ABCL
...
CWE-1126
...
Declaration of Variable with Unnecessarily Wide Scope
...
- CWE.1126.DVCU
...
CWE-1164
...
Irrelevant Code
...
- CWE-561.CC
- CWE-561.SWITCH
- CWE-561.PM
- CWE-563.VOVR
- CWE-563.UPPF
- CWE-563.AURV
- CWE-563.PF
- CWE-563.UP
...
CWE-1173
...
Improper Use of Validation Framework
...
- CWE-109.EV
- CWE-106.PLUGIN
- CWE-102.DFV
...
CWE-1176
...
Inefficient CPU Computation
...
- CWE-1046.USB
...
CWE-1177
...
Use of Prohibited Code
...
- CWE-676.SRD
...
CWE-1204
...
Generation of Weak Initialization Vector (IV)
...
- CWE-329.ENPP
- CWE-329.IVR
...
CWE-1285
...
Improper Validation of Specified Index, Position, or Offset in Input
...
- CWE-129.ARRAY
- CWE-129.ARRAYSEC
- CWE-129.CAI
...
CWE-1385
...
Missing Origin Validation in WebSockets
...
- CWE.1385.WS
...
CWE-1390
...
Weak Authentication
...
- CWE-290.HTTPRHA
- CWE-836.PLAIN
- CWE-307.PBFA
...
CWE-1391
...
Use of Weak Credentials
...
- CWE-798.HCCS
- CWE-521.MLVP
...
CWE-1419
...
Incorrect Initialization of Resource
...
- CWE-1051.HCNA
...
CWE-1428
...
Reliance on HTTP instead of HTTPS
...