Categories

| CWE | Name | Description | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|
| CWE-36 | Absolute Path Traversal | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory. | 0 | 2 | 5 | 0 | 7 |
| CWE-259 | Use of Hard-coded Password | The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. | 1 | 3 | 3 | 0 | 7 |
| CWE-256 | Unprotected Storage of Credentials | Storing a password in plaintext may result in a system compromise. | 1 | 6 | 0 | 0 | 7 |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. | 0 | 5 | 2 | 0 | 7 |
| CWE-16 | Configuration | Weaknesses in this category are typically introduced during the configuration of the software. | 0 | 0 | 3 | 3 | 6 |
| CWE-117 | Improper Output Neutralization for Logs | The software does not neutralize or incorrectly neutralizes output that is written to logs. | 0 | 4 | 2 | 0 | 6 |
| CWE-24 | Path Traversal: '../filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | 0 | 4 | 0 | 2 | 6 |
| CWE-204 | Response Discrepancy Information Exposure | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. | 0 | 6 | 0 | 0 | 6 |
| CWE-35 | Path Traversal: '.../...//' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. | 0 | 2 | 4 | 0 | 6 |
| CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax | The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash. | 1 | 5 | 0 | 0 | 6 |