Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-36 | Absolute Path Traversal. The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory. | | 0 | 2 | 5 | 0 | 7 |
CWE-259 | Use of Hard-coded Password. The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. | | 1 | 3 | 3 | 0 | 7 |
CWE-256 | Unprotected Storage of Credentials. Storing a password in plaintext may result in a system compromise. | | 1 | 6 | 0 | 0 | 7 |
CWE-297 | Improper Validation of Certificate with Host Mismatch. The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. | | 0 | 5 | 2 | 0 | 7 |
CWE-16 | Configuration. Weaknesses in this category are typically introduced during the configuration of the software. | | 0 | 0 | 3 | 3 | 6 |
CWE-117 | Improper Output Neutralization for Logs. The software does not neutralize or incorrectly neutralizes output that is written to logs. | | 0 | 4 | 2 | 0 | 6 |
CWE-24 | Path Traversal: '../filedir'. The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | | 0 | 4 | 0 | 2 | 6 |
CWE-204 | Response Discrepancy Information Exposure. The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. | | 0 | 6 | 0 | 0 | 6 |
CWE-35 | Path Traversal: '.../...//'. The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. | | 0 | 2 | 4 | 0 | 6 |
CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax. The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash. | | 1 | 5 | 0 | 0 | 6 |