|CWE|NAME|LAST 12M|LOW|MEDIUM|HIGH|CRITICAL|TOTAL VULNS|
|CWE-612|Information Exposure Through Indexing of Private Data|
The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.
|CWE-645|Overly Restrictive Account Lockout Mechanism|
The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.
|CWE-836|Use of Password Hash Instead of Password for Authentication|
The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
|CWE-1241|Use of Predictable Algorithm in Random Number Generator|
The product requires a true random number but uses an algorithm that is predictable and generates a pseudo-random number.
|CWE-550|Information Exposure Through Server Error Message|
Certain conditions, such as network failure, will cause a server error message to be displayed.
|CWE-316|Cleartext Storage of Sensitive Information in Memory|
The application stores sensitive information in cleartext in memory.
|CWE-149|Improper Neutralization of Quoting Syntax|
Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.