Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-664 | Improper Control of a Resource Through its Lifetime: The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. | | 0 | 1 | 2 | 0 | 3 |
CWE-471 | Modification of Assumed-Immutable Data (MAID): The software does not properly protect an assumed-immutable element from being modified by an attacker. | | 0 | 2 | 1 | 0 | 3 |
CWE-1220 | Insufficient Granularity of Access Control: The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. | | 0 | 2 | 1 | 0 | 3 |
CWE-620 | Unverified Password Change: When setting a new password for a user, the product does not require knowledge of the original password, or the use of another form of authentication. | | 0 | 0 | 1 | 2 | 3 |
CWE-526 | Information Exposure Through Environmental Variables: Environmental variables may contain sensitive information about a remote server. | | 0 | 3 | 0 | 0 | 3 |
CWE-126 | Buffer Over-read: The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. | | 0 | 3 | 0 | 0 | 3 |
CWE-1286 | Improper Validation of Syntactic Correctness of Input: The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. | | 0 | 2 | 1 | 0 | 3 |
CWE-598 | Information Exposure Through Query Strings in GET Request: The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. | | 2 | 0 | 1 | 0 | 3 |
CWE-653 | Insufficient Compartmentalization: The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions. | | 0 | 3 | 0 | 0 | 3 |
CWE-114 | Process Control: Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. | | 0 | 0 | 1 | 2 | 3 |