CWEs That Violate the 2019 CWE Top 25 Standard

Results and Reports

Publication
Results and Reports
Edition date
2022-11-21
Publication date
2022-11-21T22:48:36.735313

This table lists all the CWEs that may cause an application to not pass a policy that includes the 2019 CWE Top 25 policy rule.

CWE ID CWE Name Static Support Dynamic Support Veracode Severity
20 Improper Input Validation X   0 - Informational
22 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) X X 3 - Medium
23 Relative Path Traversal      
73 External Control of File Name or Path X   3 - Medium
78 Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) X X 5 - Very High
79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) X X 3 - Medium
80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) X X 3 - Medium
81 Improper Neutralization of Script in an Error Message Web Page      
83 Improper Neutralization of Script in Attributes in a Web Page   X 3 - Medium
86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages X   3 - Medium
89 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) X X 4 - High
90 Improper Neutralization of Special Elements used in an LDAP Query (LDAP Injection) X   3 - Medium
91 XML Injection (aka Blind XPath Injection) X X 3 - Medium
94 Improper Control of Generation of Code (Code Injection) X   3 - Medium
95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) X X 5 - Very High
98 Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) X X 4 - High
100 DEPRECATED: Technology-Specific Input Validation Problems      
103 Struts: Incomplete validate() Method Definition X   3 - Medium
104 Struts: Form Bean Does Not Extend Validation Class X   3 - Medium
112 Missing XML Validation X   3 - Medium
119 Improper Restriction of Operations within the Bounds of a Memory Buffer      
120 Buffer Copy without Checking Size of Input (Classic Buffer Overflow)      
121 Stack-based Buffer Overflow X   5 - Very High
125 Out-of-bounds Read X   3 - Medium
131 Incorrect Calculation of Buffer Size      
135 Incorrect Calculation of Multi-Byte String Length X   5 - Very High
185 Incorrect Regular Expression X   2 - Low
190 Integer Overflow or Wraparound X   5 - Very High
200 Exposure of Sensitive Information to an Unauthorized Actor X X 2 - Low
201 Insertion of Sensitive Information Into Sent Data X   2 - Low
209 Generation of Error Message Containing Sensitive Information X X 2 - Low
215 Insertion of Sensitive Information Into Debugging Code X X 2 - Low
259 Use of Hard-coded Password X X 3 - Medium
269 Improper Privilege Management      
272 Least Privilege Violation X   3 - Medium
274 Improper Handling of Insufficient Privileges X   0 - Informational
285 Improper Authorization X X 3 - Medium
287 Improper Authentication X X 4 - High
295 Improper Certificate Validation X   3 - Medium
321 Use of Hard-coded Cryptographic Key X X 3 - Medium
346 Origin Validation Error X   3 - Medium
350 Reliance on Reverse DNS Resolution for a Security-Critical Action X   3 - Medium
352 Cross-Site Request Forgery (CSRF) X X 3 - Medium
359 Exposure of Private Personal Information to an Unauthorized Actor X   2 - Low
400 Uncontrolled Resource Consumption      
404 Improper Resource Shutdown or Release X   0 - Informational
416 Use After Free X   2 - Low
426 Untrusted Search Path X   3 - Medium
427 Uncontrolled Search Path Element X   3 - Medium
434 Unrestricted Upload of File with Dangerous Type   X 4 - High
470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) X   3 - Medium
476 NULL Pointer Dereference      
497 Exposure of Sensitive System Information to an Unauthorized Control Sphere X   2 - Low
498 Cloneable Class Containing Sensitive Information      
502 Deserialization of Untrusted Data X   3 - Medium
526 Exposure of Sensitive Information Through Environmental Variables   X 2 - Low
530 Exposure of Backup File to an Unauthorized Control Sphere   X 2 - Low
538 Insertion of Sensitive Information into Externally-Accessible File or Directory   X 0 - Informational
548 Exposure of Information Through Directory Listing   X 2 - Low
564 SQL Injection: Hibernate X   4 - High
566 Authorization Bypass Through User-Controlled SQL Primary Key X   3 - Medium
601 URL Redirection to Untrusted Site (Open Redirect) X X 3 - Medium
611 Improper Restriction of XML External Entity Reference X X 3 - Medium
615 Inclusion of Sensitive Information in Source Code Comments X X 0 - Informational
618 Exposed Unsafe ActiveX Method X   5 - Very High
639 Authorization Bypass Through User-Controlled Key X   4 - High
665 Improper Initialization X   2 - Low
693 Protection Mechanism Failure X X 3 - Medium
708 Incorrect Ownership Assignment X   4 - High
732 Incorrect Permission Assignment for Critical Resource X   3 - Medium
772 Missing Release of Resource after Effective Lifetime      
787 Out-of-bounds Write X   3 - Medium
798 Use of Hard-coded Credentials X   3 - Medium
830 Inclusion of Web Functionality from an Untrusted Source   X 2 - Low
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes X   3 - Medium
918 Server-Side Request Forgery (SSRF) X X 3 - Medium
942 Permissive Cross-domain Policy with Untrusted Domains X X 3 - Medium
1174 ASP.NET Misconfiguration: Improper Model Validation X   2 - Low