Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
---|---|---|---|---|---|---|---|---
CWE-942 | Overly Permissive Cross-domain Whitelist | The software uses a cross-domain policy file that includes domains that should not be trusted. | | 1 | 1 | 0 | 0 | 2
CWE-501 | Trust Boundary Violation | The product mixes trusted and untrusted data in the same data structure or structured message. | | 0 | 1 | 1 | 0 | 2
CWE-799 | Improper Control of Interaction Frequency | The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. | | 1 | 1 | 0 | 0 | 2
CWE-540 | Information Exposure Through Source Code | Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. | | 1 | 1 | 0 | 0 | 2
CWE-208 | Information Exposure Through Timing Discrepancy | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. | | 1 | 1 | 0 | 0 | 2
CWE-840 | Business Logic Errors | Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors exhibit patterns that are similar to well-understood implementation and design weaknesses. | | 0 | 2 | 0 | 0 | 2
CWE-280 | Improper Handling of Insufficient Permissions or Privileges | The application does not handle, or incorrectly handles, the case where it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that leave the application in an invalid state. | | 0 | 0 | 2 | 0 | 2
CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. | | 0 | 2 | 0 | 0 | 2
CWE-328 | Reversible One-Way Hash | The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that produces the same hash, more efficiently than brute-force techniques. | | 1 | 0 | 1 | 0 | 2
CWE-457 | Use of Uninitialized Variable | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. | | 1 | 0 | 1 | 0 | 2