Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
---|---|---|---|---|---|---|---|---
CWE-201 | Information Exposure Through Sent Data | The code transmits data to another actor, but the data contains sensitive information that should not be accessible to the actor that is receiving the data. | | 0 | 4 | 2 | 0 | 6
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | The software receives a request, message, or directive from an upstream component, but the software does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the software's control sphere. This causes the software to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. | | 0 | 3 | 1 | 1 | 5
CWE-321 | Use of Hard-coded Cryptographic Key | The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. | | 0 | 3 | 2 | 0 | 5
CWE-591 | Sensitive Data Storage in Improperly Locked Memory | The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors. | | 0 | 0 | 5 | 0 | 5
CWE-250 | Execution with Unnecessary Privileges | The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | | 1 | 1 | 3 | 0 | 5
CWE-199 | Information Management Errors | Weaknesses in this category are related to improper handling of sensitive information. | | 0 | 3 | 0 | 1 | 4
CWE-184 | Incomplete Blacklist | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses. | | 0 | 2 | 2 | 0 | 4
CWE-548 | Information Exposure Through Directory Listing | A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. | | 1 | 2 | 1 | 0 | 4
CWE-1220 | Insufficient Granularity of Access Control | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, the implemented access controls lack the required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. | | 0 | 2 | 2 | 0 | 4
CWE-114 | Process Control | Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. | | 0 | 0 | 1 | 3 | 4

The LAST 12M column carries no values in this copy of the table. In every row the LOW, MEDIUM, HIGH and CRITICAL counts sum to TOTAL VULNS, which is how the five numbers per row were assigned to their columns.
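The CWE-591 row above describes the weakness only in the abstract. The following is an added example, written for this page and not code from any of the products the table counts, showing the ordinary heap-copy pattern next to a buffer that is page-locked with mlock(), excluded from core dumps, and zeroed before release. It assumes Linux with glibc; the secret string in main() is constructed for the demonstration, and the struct and function names are this example's own.

```c
/* Added example, not code from the original page: an ordinary heap buffer
 * (CWE-591: the VM manager may write it to swap, and free() leaves the bytes
 * behind) next to a page-locked, wiped buffer. Assumes Linux/glibc. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

struct secure_buf {
    unsigned char *data;
    size_t len;      /* bytes the caller asked for */
    size_t mapped;   /* bytes actually mapped, rounded up to whole pages */
    int locked;      /* 1 if mlock() succeeded, 0 if it was refused */
};

/* Zero through a volatile pointer so the compiler cannot drop the stores as
 * dead; a plain memset() right before free() is routinely optimised away. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Weak pattern: heap copy, never locked, never wiped. */
char *weak_copy_secret(const char *secret) {
    char *buf = malloc(strlen(secret) + 1);
    if (buf) strcpy(buf, secret);
    return buf;
}

/* Hardened pattern: map whole pages (mlock works at page granularity), lock
 * them so they are never swapped, and keep them out of core dumps. Returns 0
 * when memory was obtained; sb->locked reports separately whether the lock
 * was granted (RLIMIT_MEMLOCK can refuse it), so a caller with a
 * "locked or nothing" policy can abort instead of silently degrading. */
int secure_alloc(struct secure_buf *sb, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t mapped = ((len + page - 1) / page) * page;
    void *p = mmap(NULL, mapped, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    sb->data = (unsigned char *)p;
    sb->len = len;
    sb->mapped = mapped;
    sb->locked = (mlock(p, mapped) == 0);
#ifdef MADV_DONTDUMP
    madvise(p, mapped, MADV_DONTDUMP);   /* Linux: exclude from core dumps */
#endif
    return 0;
}

/* Order matters: wipe first, then unlock, then unmap. Unlocking before the
 * wipe reopens the window in which the plaintext could be paged out. */
void secure_free(struct secure_buf *sb) {
    if (!sb->data) return;
    secure_wipe(sb->data, sb->mapped);
    if (sb->locked) munlock(sb->data, sb->mapped);
    munmap(sb->data, sb->mapped);
    sb->data = NULL;
    sb->len = sb->mapped = 0;
    sb->locked = 0;
}

/* Check helper: 1 if every byte in [p, p+n) is zero. */
int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

int main(void) {
    const char *secret = "constructed-demo-key-0123456789";   /* constructed */
    struct secure_buf sb;
    if (secure_alloc(&sb, strlen(secret) + 1) != 0) return 1;
    memcpy(sb.data, secret, sb.len);
    printf("locked=%d mapped=%zu bytes\n", sb.locked, sb.mapped);
    /* ... use sb.data for the key operation ... */
    secure_free(&sb);

    char *weak = weak_copy_secret(secret);
    free(weak);   /* CWE-591 pattern: bytes left in place and swappable */
    return 0;
}
```

A process that must never degrade should treat `sb.locked == 0` as fatal and raise RLIMIT_MEMLOCK (or grant CAP_IPC_LOCK) rather than continue; the example returns the flag so that policy stays with the caller.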
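The CWE-184 row names the weakness but not what "incomplete" looks like in practice. As an added example for this page, not code from any product in the table, here is a deny-list check on a user-supplied file name beside an allow-list check. The inputs in main() are constructed; whether a later layer URL-decodes the name is an assumption stated in the comments, and the function names are this example's own.

```c
/* Added example, not from the original page: an incomplete deny-list check
 * on a user-supplied file name (CWE-184) next to an allow-list check. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Weak: rejects only the patterns the author thought of. Names that pass
 * this check but should not: a drive-letter path such as "C:\Windows\win.ini",
 * a UNC path such as "\\server\share", "%2e%2e%2fetc%2fpasswd" (traversal if
 * a later layer decodes it), a dotfile such as ".bash_history", and "."
 * itself. None contains ".." or "/" as written. */
int denylist_name_ok(const char *name) {
    if (strstr(name, "..") != NULL) return 0;
    if (strchr(name, '/') != NULL) return 0;
    return 1;
}

/* Hardened: accept only what is explicitly permitted. One to 64 characters
 * drawn from [A-Za-z0-9._-], not starting with '.', so neither ".", "..",
 * a dotfile, a separator, a drive letter nor a percent-encoding can occur. */
int allowlist_name_ok(const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > 64) return 0;
    if (name[0] == '.') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed inputs: one benign name and five deny-list bypasses. */
    const char *names[] = {
        "report.txt",
        "C:\\Windows\\win.ini",
        "\\\\server\\share\\secret",
        "%2e%2e%2fetc%2fpasswd",
        ".bash_history",
        ".",
    };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-28s denylist=%d allowlist=%d\n", names[i],
               denylist_name_ok(names[i]), allowlist_name_ok(names[i]));
    return 0;
}
```

The allow-list version is also the one that stays correct when the deployment changes (a move to Windows, a new decoding layer in front of the handler), because it never has to enumerate what the attacker might send.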