CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Version 1.12 and Version 1.13  
ID

Differences between Version 1.12 and Version 1.13

Summary
Summary
Total (Version 1.13) 865
Total (Version 1.12) 844
Total new 21
Total deprecated 0
Total shared 844
Total important changes 138
Total major changes 682
Total minor changes 3
Total minor changes (no major)
Total unchanged 162

Summary of Entry Types

Type Version 1.12 Version 1.13
Category 120 137
Chain 3 3
Composite 6 6
Deprecated 12 12
View 24 25
Weakness 679 682

Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 0 0
Description 4 2
Applicable_Platforms 2 0
Time_of_Introduction 0 0
Demonstrative_Examples 10 0
Detection_Factors 0 0
Likelihood_of_Exploit 0 0
Common_Consequences 678 0
Relationships 136 0
References 0 0
Potential_Mitigations 1 0
Observed_Examples 2 0
Terminology_Notes 0 0
Alternate_Terms 0 0
Related_Attack_Patterns 0 0
Relationship_Notes 1 0
Taxonomy_Mappings 127 0
Maintenance_Notes 3 0
Modes_of_Introduction 0 0
Affected_Resources 0 0
Functional_Areas 0 0
Research_Gaps 0 0
Background_Details 0 0
Theoretical_Notes 0 0
Weakness_Ordinalities 0 0
White_Box_Definitions 0 0
Enabling_Factors_for_Exploitation 0 0
Other_Notes 8 1
Relevant_Properties 0 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Common_Methods_of_Exploitation 0 0
Type 0 0
Causal_Nature 0 0
Source_Taxonomy 0 0
Context_Notes 0 0
Black_Box_Definitions 0 0

Form and Abstraction Changes

From To Total
Unchanged 844

Status Changes

From To Total
Unchanged 844

Relationship Changes

The "Version 1.13 Total" lists the total number of relationships in Version 1.13. The "Shared" value is the total number of relationships in entries that were in both Version 1.13 and Version 1.12. The "New" value is the total number of relationships involving entries that did not exist in Version 1.12. Thus, the total number of relationships in Version 1.13 would combine stats from Shared entries and New entries.

Relationship Version 1.13 Total Version 1.12 Total Version 1.13 Shared Unchanged Added to Version 1.13 Removed from Version 1.12 Version 1.13 New
ALL 5395 5063 5043 5039 4 24 352
ChildOf 2325 2177 2167 2165 2 12 158
ParentOf 2325 2177 2167 2165 2 12 158
MemberOf 136 119 119 119 17
HasMember 136 119 119 119 17
CanPrecede 113 112 112 112 1
CanFollow 113 112 112 112 1
StartsWith 3 3 3 3
Requires 19 19 19 19
RequiredBy 19 19 19 19
CanAlsoBe 34 34 34 34
PeerOf 172 172 172 172

Nodes Removed from Version 1.12

CWE-ID CWE Name
None.

Nodes Added to Version 1.13

CWE-ID CWE Name
843 Access of Resource Using Incompatible Type ('Type Confusion')
844 Weaknesses Addressed by the CERT Java Secure Coding Standard
845 CERT Java Secure Coding Section 00 - Input Validation and Data Sanitization (IDS)
846 CERT Java Secure Coding Section 01 - Declarations and Initialization (DCL)
847 CERT Java Secure Coding Section 02 - Expressions (EXP)
848 CERT Java Secure Coding Section 03 - Numeric Types and Operations (NUM)
849 CERT Java Secure Coding Section 04 - Object Orientation (OBJ)
850 CERT Java Secure Coding Section 05 - Methods (MET)
851 CERT Java Secure Coding Section 06 - Exceptional Behavior (ERR)
852 CERT Java Secure Coding Section 07 - Visibility and Atomicity (VNA)
853 CERT Java Secure Coding Section 08 - Locking (LCK)
854 CERT Java Secure Coding Section 09 - Thread APIs (THI)
855 CERT Java Secure Coding Section 10 - Thread Pools (TPS)
856 CERT Java Secure Coding Section 11 - Thread-Safety Miscellaneous (TSM)
857 CERT Java Secure Coding Section 12 - Input Output (FIO)
858 CERT Java Secure Coding Section 13 - Serialization (SER)
859 CERT Java Secure Coding Section 14 - Platform Security (SEC)
860 CERT Java Secure Coding Section 15 - Runtime Environment (ENV)
861 CERT Java Secure Coding Section 49 - Miscellaneous (MSC)
862 Missing Authorization
863 Incorrect Authorization

Nodes Deprecated in Version 1.13

CWE-ID CWE Name
None.
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 15 External Control of System or Configuration Setting
R 36 Absolute Path Traversal
R 67 Improper Handling of Windows Device Names
R 73 External Control of File Name or Path
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R 111 Direct Use of Unsafe JNI
D 113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
R 116 Improper Encoding or Escaping of Output
R 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
R 134 Uncontrolled Format String
R 135 Incorrect Calculation of Multi-Byte String Length
R 144 Improper Neutralization of Line Delimiters
R 150 Improper Neutralization of Escape, Meta, or Control Sequences
D R 171 Cleansing, Canonicalization, and Comparison Errors
D 172 Encoding Error
R 180 Incorrect Behavior Order: Validate Before Canonicalize
R 182 Collapse of Data into Unsafe Value
R 197 Numeric Truncation Error
R 198 Use of Incorrect Byte Ordering
R 209 Information Exposure Through an Error Message
R 215 Information Exposure Through Debug Information
R 226 Sensitive Information Uncleared Before Release
R 230 Improper Handling of Missing Values
R 232 Improper Handling of Undefined Values
R 248 Uncaught Exception
R 250 Execution with Unnecessary Privileges
R 252 Unchecked Return Value
R 256 Plaintext Storage of a Password
R 259 Use of Hard-coded Password
R 266 Incorrect Privilege Assignment
R 272 Least Privilege Violation
R 276 Incorrect Default Permissions
R 279 Incorrect Execution-Assigned Permissions
R 285 Improper Authorization
R 289 Authentication Bypass by Alternate Name
R 300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
R 302 Authentication Bypass by Assumed-Immutable Data
R 311 Missing Encryption of Sensitive Data
R 319 Cleartext Transmission of Sensitive Information
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 330 Use of Insufficiently Random Values
R 332 Insufficient Entropy in PRNG
R 333 Improper Handling of Insufficient Entropy in TRNG
R 336 Same Seed in PRNG
R 337 Predictable Seed in PRNG
R 347 Improper Verification of Cryptographic Signature
R 349 Acceptance of Extraneous Untrusted Data With Trusted Data
R 358 Improperly Implemented Security Check for Standard
R 359 Privacy Violation
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 366 Race Condition within a Thread
R 369 Divide By Zero
R 374 Passing Mutable Objects to an Untrusted Method
R 375 Returning a Mutable Object to an Untrusted Caller
R 377 Insecure Temporary File
R 382 J2EE Bad Practices: Use of System.exit()
R 390 Detection of Error Condition Without Action
R 392 Missing Report of Error Condition
R 395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
R 397 Declaration of Throws for Generic Exception
R 400 Uncontrolled Resource Consumption ('Resource Exhaustion')
R 401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')
R 404 Improper Resource Shutdown or Release
R 405 Asymmetric Resource Consumption (Amplification)
R 409 Improper Handling of Highly Compressed Data (Data Amplification)
R 410 Insufficient Resource Pool
R 412 Unrestricted Externally Accessible Lock
R 413 Improper Resource Locking
R 425 Direct Request ('Forced Browsing')
R 454 External Initialization of Trusted Variables or Data Stores
R 459 Incomplete Cleanup
R 460 Improper Cleanup on Thrown Exception
R 470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
R 479 Signal Handler Use of a Non-reentrant Function
R 480 Use of Incorrect Operator
R 484 Omitted Break Statement in Switch
R 486 Comparison of Classes by Name
R 487 Reliance on Package-level Scope
R 491 Public cloneable() Method Without Final ('Object Hijack')
R 492 Use of Inner Class Containing Sensitive Data
R 493 Critical Public Variable Without Final Modifier
R 494 Download of Code Without Integrity Check
R 497 Exposure of System Data to an Unauthorized Control Sphere
R 498 Cloneable Class Containing Sensitive Information
R 499 Serializable Class Containing Sensitive Data
R 500 Public Static Field Not Marked Final
R 502 Deserialization of Untrusted Data
R 524 Information Exposure Through Caching
R 526 Information Exposure Through Environmental Variables
R 528 Exposure of Core Dump File to an Unauthorized Control Sphere
R 532 Information Exposure Through Log Files
R 533 Information Exposure Through Server Log Files
R 534 Information Exposure Through Debug Log Files
R 539 Information Exposure Through Persistent Cookies
R 542 Information Exposure Through Cleanup Log Files
R 543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context
D R 551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
R 567 Unsynchronized Access to Shared Data in a Multithreaded Context
R 568 finalize() Method Without super.finalize()
R 572 Call to Thread run() instead of start()
R 573 Improper Following of Specification by Caller
R 581 Object Model Violation: Just One of Equals and Hashcode Defined
R 582 Array Declared Public, Final, and Static
R 583 finalize() Method Declared Public
R 584 Return Inside Finally Block
R 586 Explicit Call to Finalize()
R 589 Call to Non-ubiquitous API
R 595 Comparison of Object References Instead of Object Contents
R 597 Use of Wrong Operator in String Comparison
R 600 Uncaught Exception in Servlet
R 607 Public Static Final Field References Mutable Object
R 609 Double-Checked Locking
R 625 Permissive Regular Expression
R 638 Not Using Complete Mediation
R 639 Authorization Bypass Through User-Controlled Key
R 647 Use of Non-Canonical URL Paths for Authorization Decisions
R 662 Improper Synchronization
R 664 Improper Control of a Resource Through its Lifetime
R 665 Improper Initialization
R 667 Improper Locking
R 670 Always-Incorrect Control Flow Implementation
R 681 Incorrect Conversion between Numeric Types
R 690 Unchecked Return Value to NULL Pointer Dereference
R 703 Improper Check or Handling of Exceptional Conditions
R 704 Incorrect Type Conversion or Cast
R 705 Incorrect Control Flow Scoping
R 732 Incorrect Permission Assignment for Critical Resource
R 766 Critical Variable Declared Public
R 770 Allocation of Resources Without Limits or Throttling
R 772 Missing Release of Resource after Effective Lifetime
R 798 Use of Hard-coded Credentials
R 804 Guessable CAPTCHA
R 820 Missing Synchronization
R 821 Incorrect Synchronization
R 833 Deadlock
R 834 Excessive Iteration
R 835 Loop with Unreachable Exit Condition ('Infinite Loop')
R 838 Inappropriate Encoding for Output Context
Detailed Difference Report
Detailed Difference Report
5 J2EE Misconfiguration: Data Transmission Without Encryption
Major Common_Consequences
Minor None
6 J2EE Misconfiguration: Insufficient Session-ID Length
Major Common_Consequences
Minor None
7 J2EE Misconfiguration: Missing Custom Error Page
Major Common_Consequences
Minor None
8 J2EE Misconfiguration: Entity Bean Declared Remote
Major Common_Consequences
Minor None
9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Major Common_Consequences
Minor None
11 ASP.NET Misconfiguration: Creating Debug Binary
Major Common_Consequences
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Page
Major Common_Consequences
Minor None
13 ASP.NET Misconfiguration: Password in Configuration File
Major Common_Consequences
Minor None
14 Compiler Removal of Code to Clear Buffers
Major Common_Consequences
Minor None
15 External Control of System or Configuration Setting
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
20 Improper Input Validation
Major Applicable_Platforms, Common_Consequences, Relationship_Notes
Minor None
23 Relative Path Traversal
Major Common_Consequences
Minor None
24 Path Traversal: '../filedir'
Major Common_Consequences
Minor None
25 Path Traversal: '/../filedir'
Major Common_Consequences
Minor None
26 Path Traversal: '/dir/../filename'
Major Common_Consequences
Minor None
27 Path Traversal: 'dir/../../filename'
Major Common_Consequences
Minor None
28 Path Traversal: '..\filedir'
Major Common_Consequences
Minor None
29 Path Traversal: '\..\filename'
Major Common_Consequences
Minor None
30 Path Traversal: '\dir\..\filename'
Major Common_Consequences
Minor None
31 Path Traversal: 'dir\..\..\filename'
Major Common_Consequences
Minor None
32 Path Traversal: '...' (Triple Dot)
Major Common_Consequences
Minor None
33 Path Traversal: '....' (Multiple Dot)
Major Common_Consequences
Minor None
34 Path Traversal: '....//'
Major Common_Consequences
Minor None
35 Path Traversal: '.../...//'
Major Common_Consequences
Minor None
36 Absolute Path Traversal
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
37 Path Traversal: '/absolute/pathname/here'
Major Common_Consequences
Minor None
38 Path Traversal: '\absolute\pathname\here'
Major Common_Consequences
Minor None
39 Path Traversal: 'C:dirname'
Major Common_Consequences
Minor None
40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Major Common_Consequences
Minor None
41 Improper Resolution of Path Equivalence
Major Common_Consequences
Minor None
42 Path Equivalence: 'filename.' (Trailing Dot)
Major Common_Consequences
Minor None
43 Path Equivalence: 'filename....' (Multiple Trailing Dot)
Major Common_Consequences
Minor None
44 Path Equivalence: 'file.name' (Internal Dot)
Major Common_Consequences
Minor None
45 Path Equivalence: 'file...name' (Multiple Internal Dot)
Major Common_Consequences
Minor None
46 Path Equivalence: 'filename ' (Trailing Space)
Major Common_Consequences
Minor None
47 Path Equivalence: ' filename' (Leading Space)
Major Common_Consequences
Minor None
48 Path Equivalence: 'file name' (Internal Whitespace)
Major Common_Consequences
Minor None
49 Path Equivalence: 'filename/' (Trailing Slash)
Major Common_Consequences
Minor None
50 Path Equivalence: '//multiple/leading/slash'
Major Common_Consequences
Minor None
51 Path Equivalence: '/multiple//internal/slash'
Major Common_Consequences
Minor None
52 Path Equivalence: '/multiple/trailing/slash//'
Major Common_Consequences
Minor None
53 Path Equivalence: '\multiple\\internal\backslash'
Major Common_Consequences
Minor None
54 Path Equivalence: 'filedir\' (Trailing Backslash)
Major Common_Consequences
Minor None
55 Path Equivalence: '/./' (Single Dot Directory)
Major Common_Consequences
Minor None
56 Path Equivalence: 'filedir*' (Wildcard)
Major Common_Consequences
Minor None
57 Path Equivalence: 'fakedir/../realdir/filename'
Major Common_Consequences
Minor None
58 Path Equivalence: Windows 8.3 Filename
Major Common_Consequences
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Common_Consequences
Minor None
61 UNIX Symbolic Link (Symlink) Following
Major Common_Consequences
Minor None
62 UNIX Hard Link
Major Common_Consequences
Minor None
64 Windows Shortcut Following (.LNK)
Major Common_Consequences
Minor None
65 Windows Hard Link
Major Common_Consequences
Minor None
66 Improper Handling of File Names that Identify Virtual Resources
Major Common_Consequences
Minor None
67 Improper Handling of Windows Device Names
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
69 Improper Handling of Windows ::DATA Alternate Data Stream
Major Common_Consequences
Minor None
71 Apple '.DS_Store'
Major Common_Consequences
Minor None
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
Major Common_Consequences
Minor None
73 External Control of File Name or Path
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Common_Consequences
Minor None
75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Major Common_Consequences
Minor None
76 Improper Neutralization of Equivalent Special Elements
Major Common_Consequences
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Common_Consequences
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major Common_Consequences
Minor None
80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Major Common_Consequences
Minor None
81 Improper Neutralization of Script in an Error Message Web Page
Major Common_Consequences
Minor None
82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Major Common_Consequences
Minor None
83 Improper Neutralization of Script in Attributes in a Web Page
Major Common_Consequences
Minor None
84 Improper Neutralization of Encoded URI Schemes in a Web Page
Major Common_Consequences
Minor None
85 Doubled Character XSS Manipulations
Major Common_Consequences
Minor None
86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Major Common_Consequences
Minor None
87 Improper Neutralization of Alternate XSS Syntax
Major Common_Consequences
Minor None
88 Argument Injection or Modification
Major Common_Consequences
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Common_Consequences
Minor None
90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Major Common_Consequences
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Common_Consequences
Minor None
93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
Major Common_Consequences
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Common_Consequences
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Common_Consequences
Minor None
96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Major Common_Consequences
Minor None
97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Major Common_Consequences
Minor None
99 Improper Control of Resource Identifiers ('Resource Injection')
Major Common_Consequences, Other_Notes
Minor None
102 Struts: Duplicate Validation Forms
Major Common_Consequences
Minor None
103 Struts: Incomplete validate() Method Definition
Major Common_Consequences
Minor None
104 Struts: Form Bean Does Not Extend Validation Class
Major Common_Consequences
Minor None
105 Struts: Form Field Without Validator
Major Common_Consequences
Minor None
106 Struts: Plug-in Framework not in Use
Major Common_Consequences
Minor Other_Notes
107 Struts: Unused Validation Form
Major Common_Consequences
Minor None
108 Struts: Unvalidated Action Form
Major Common_Consequences
Minor None
109 Struts: Validator Turned Off
Major Common_Consequences
Minor None
110 Struts: Validator Without Form Field
Major Common_Consequences
Minor None
111 Direct Use of Unsafe JNI
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
112 Missing XML Validation
Major Common_Consequences
Minor None
113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Major Common_Consequences, Description
Minor None
114 Process Control
Major Common_Consequences
Minor None
115 Misinterpretation of Input
Major Common_Consequences
Minor None
116 Improper Encoding or Escaping of Output
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
117 Improper Output Neutralization for Logs
Major Common_Consequences
Minor None
118 Improper Access of Indexable Resource ('Range Error')
Major Common_Consequences
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Common_Consequences, Relationships
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Common_Consequences
Minor None
121 Stack-based Buffer Overflow
Major Common_Consequences
Minor None
122 Heap-based Buffer Overflow
Major Common_Consequences
Minor None
123 Write-what-where Condition
Major Common_Consequences
Minor None
124 Buffer Underwrite ('Buffer Underflow')
Major Common_Consequences
Minor None
125 Out-of-bounds Read
Major Common_Consequences
Minor None
126 Buffer Over-read
Major Common_Consequences
Minor None
127 Buffer Under-read
Major Common_Consequences
Minor None
128 Wrap-around Error
Major Common_Consequences
Minor None
129 Improper Validation of Array Index
Major Common_Consequences
Minor None
130 Improper Handling of Length Parameter Inconsistency
Major Common_Consequences
Minor None
131 Incorrect Calculation of Buffer Size
Major Common_Consequences
Minor None
134 Uncontrolled Format String
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
138 Improper Neutralization of Special Elements
Major Common_Consequences
Minor None
140 Improper Neutralization of Delimiters
Major Common_Consequences
Minor None
141 Improper Neutralization of Parameter/Argument Delimiters
Major Common_Consequences
Minor None
142 Improper Neutralization of Value Delimiters
Major Common_Consequences
Minor None
143 Improper Neutralization of Record Delimiters
Major Common_Consequences
Minor None
144 Improper Neutralization of Line Delimiters
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
145 Improper Neutralization of Section Delimiters
Major Common_Consequences
Minor None
146 Improper Neutralization of Expression/Command Delimiters
Major Common_Consequences
Minor None
147 Improper Neutralization of Input Terminators
Major Common_Consequences
Minor None
148 Improper Neutralization of Input Leaders
Major Common_Consequences
Minor None
149 Improper Neutralization of Quoting Syntax
Major Common_Consequences
Minor None
150 Improper Neutralization of Escape, Meta, or Control Sequences
Major Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings
Minor None
151 Improper Neutralization of Comment Delimiters
Major Common_Consequences
Minor None
152 Improper Neutralization of Macro Symbols
Major Common_Consequences
Minor None
153 Improper Neutralization of Substitution Characters
Major Common_Consequences
Minor None
154 Improper Neutralization of Variable Name Delimiters
Major Common_Consequences
Minor None
155 Improper Neutralization of Wildcards or Matching Symbols
Major Common_Consequences
Minor None
156 Improper Neutralization of Whitespace
Major Common_Consequences
Minor None
157 Failure to Sanitize Paired Delimiters
Major Common_Consequences
Minor None
158 Improper Neutralization of Null Byte or NUL Character
Major Common_Consequences
Minor None
159 Failure to Sanitize Special Element
Major Common_Consequences
Minor None
160 Improper Neutralization of Leading Special Elements
Major Common_Consequences
Minor None
161 Improper Neutralization of Multiple Leading Special Elements
Major Common_Consequences
Minor None
162 Improper Neutralization of Trailing Special Elements
Major Common_Consequences
Minor None
163 Improper Neutralization of Multiple Trailing Special Elements
Major Common_Consequences
Minor None
164 Improper Neutralization of Internal Special Elements
Major Common_Consequences
Minor None
165 Improper Neutralization of Multiple Internal Special Elements
Major Common_Consequences
Minor None
166 Improper Handling of Missing Special Element
Major Common_Consequences
Minor None
167 Improper Handling of Additional Special Element
Major Common_Consequences
Minor None
168 Improper Handling of Inconsistent Special Elements
Major Common_Consequences
Minor None
170 Improper Null Termination
Major Common_Consequences
Minor None
171 Cleansing, Canonicalization, and Comparison Errors
Major Description, Relationships, Taxonomy_Mappings
Minor None
172 Encoding Error
Major Common_Consequences, Description
Minor None
173 Improper Handling of Alternate Encoding
Major Common_Consequences
Minor None
174 Double Decoding of the Same Data
Major Common_Consequences
Minor None
175 Improper Handling of Mixed Encoding
Major Common_Consequences
Minor None
176 Improper Handling of Unicode Encoding
Major Common_Consequences
Minor None
177 Improper Handling of URL Encoding (Hex Encoding)
Major Common_Consequences
Minor None
178 Improper Handling of Case Sensitivity
Major Common_Consequences
Minor None
179 Incorrect Behavior Order: Early Validation
Major Common_Consequences
Minor None
180 Incorrect Behavior Order: Validate Before Canonicalize
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
181 Incorrect Behavior Order: Validate Before Filter
Major Common_Consequences
Minor None
182 Collapse of Data into Unsafe Value
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
183 Permissive Whitelist
Major Common_Consequences
Minor None
184 Incomplete Blacklist
Major Common_Consequences
Minor None
185 Incorrect Regular Expression
Major Common_Consequences
Minor None
186 Overly Restrictive Regular Expression
Major Common_Consequences
Minor None
187 Partial Comparison
Major Common_Consequences, Demonstrative_Examples
Minor None
188 Reliance on Data/Memory Layout
Major Common_Consequences
Minor None
190 Integer Overflow or Wraparound
Major Common_Consequences
Minor None
191 Integer Underflow (Wrap or Wraparound)
Major Common_Consequences
Minor None
192 Integer Coercion Error
Major Common_Consequences
Minor None
193 Off-by-one Error
Major Common_Consequences
Minor None
194 Unexpected Sign Extension
Major Common_Consequences
Minor None
195 Signed to Unsigned Conversion Error
Major Common_Consequences
Minor None
196 Unsigned to Signed Conversion Error
Major Common_Consequences
Minor None
197 Numeric Truncation Error
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
198 Use of Incorrect Byte Ordering
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
200 Information Exposure
Major Common_Consequences
Minor None
201 Information Exposure Through Sent Data
Major Common_Consequences
Minor None
202 Exposure of Sensitive Data Through Data Queries
Major Common_Consequences
Minor None
203 Information Exposure Through Discrepancy
Major Common_Consequences
Minor None
204 Response Discrepancy Information Exposure
Major Common_Consequences
Minor None
205 Information Exposure Through Behavioral Discrepancy
Major Common_Consequences
Minor None
206 Information Exposure of Internal State Through Behavioral Inconsistency
Major Common_Consequences
Minor None
207 Information Exposure Through an External Behavioral Inconsistency
Major Common_Consequences
Minor None
208 Information Exposure Through Timing Discrepancy
Major Common_Consequences
Minor None
209 Information Exposure Through an Error Message
Major Relationships, Taxonomy_Mappings
Minor None
210 Information Exposure Through Generated Error Message
Major Common_Consequences
Minor None
211 Information Exposure Through External Error Message
Major Common_Consequences
Minor None
212 Improper Cross-boundary Removal of Sensitive Data
Major Common_Consequences
Minor None
213 Intentional Information Exposure
Major Common_Consequences
Minor None
214 Information Exposure Through Process Environment
Major Common_Consequences
Minor None
215 Information Exposure Through Debug Information
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
216 Containment Errors (Container Errors)
Major Common_Consequences
Minor None
219 Sensitive Data Under Web Root
Major Common_Consequences
Minor None
220 Sensitive Data Under FTP Root
Major Common_Consequences
Minor None
221 Information Loss or Omission
Major Common_Consequences
Minor None
222 Truncation of Security-relevant Information
Major Common_Consequences
Minor None
223 Omission of Security-relevant Information
Major Common_Consequences
Minor None
224 Obscured Security-relevant Information by Alternate Name
Major Common_Consequences
Minor None
226 Sensitive Information Uncleared Before Release
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
227 Improper Fulfillment of API Contract ('API Abuse')
Major Common_Consequences
Minor None
228 Improper Handling of Syntactically Invalid Structure
Major Common_Consequences
Minor None
229 Improper Handling of Values
Major Common_Consequences
Minor None
230 Improper Handling of Missing Values
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
231 Improper Handling of Extra Values
Major Common_Consequences
Minor None
232 Improper Handling of Undefined Values
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
233 Parameter Problems
Major Common_Consequences
Minor None
234 Failure to Handle Missing Parameter
Major Common_Consequences
Minor None
235 Improper Handling of Extra Parameters
Major Common_Consequences
Minor None
236 Improper Handling of Undefined Parameters
Major Common_Consequences
Minor None
237 Improper Handling of Structural Elements
Major Common_Consequences
Minor None
238 Improper Handling of Incomplete Structural Elements
Major Common_Consequences
Minor None
239 Failure to Handle Incomplete Element
Major Common_Consequences
Minor None
240 Improper Handling of Inconsistent Structural Elements
Major Common_Consequences
Minor None
241 Improper Handling of Unexpected Data Type
Major Common_Consequences
Minor None
242 Use of Inherently Dangerous Function
Major Common_Consequences
Minor None
243 Creation of chroot Jail Without Changing Working Directory
Major Common_Consequences
Minor None
244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Major Common_Consequences
Minor None
245 J2EE Bad Practices: Direct Management of Connections
Major Common_Consequences
Minor None
246 J2EE Bad Practices: Direct Use of Sockets
Major Common_Consequences
Minor None
247 Reliance on DNS Lookups in a Security Decision
Major Common_Consequences
Minor None
248 Uncaught Exception
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
250 Execution with Unnecessary Privileges
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
252 Unchecked Return Value
Major Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings
Minor None
253 Incorrect Check of Function Return Value
Major Common_Consequences
Minor None
256 Plaintext Storage of a Password
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
257 Storing Passwords in a Recoverable Format
Major Common_Consequences, Demonstrative_Examples
Minor None
258 Empty Password in Configuration File
Major Common_Consequences
Minor None
259 Use of Hard-coded Password
Major Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings
Minor None
260 Password in Configuration File
Major Common_Consequences
Minor None
261 Weak Cryptography for Passwords
Major Common_Consequences
Minor None
262 Not Using Password Aging
Major Common_Consequences
Minor None
263 Password Aging with Long Expiration
Major Common_Consequences
Minor None
266 Incorrect Privilege Assignment
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
267 Privilege Defined With Unsafe Actions
Major Common_Consequences
Minor None
268 Privilege Chaining
Major Common_Consequences
Minor None
269 Improper Privilege Management
Major Common_Consequences
Minor None
270 Privilege Context Switching Error
Major Common_Consequences
Minor None
271 Privilege Dropping / Lowering Errors
Major Common_Consequences
Minor None
272 Least Privilege Violation
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
273 Improper Check for Dropped Privileges
Major Common_Consequences
Minor None
274 Improper Handling of Insufficient Privileges
Major Common_Consequences
Minor None
276 Incorrect Default Permissions
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
277 Insecure Inherited Permissions
Major Common_Consequences
Minor None
278 Insecure Preserved Inherited Permissions
Major Common_Consequences
Minor None
279 Incorrect Execution-Assigned Permissions
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
280 Improper Handling of Insufficient Permissions or Privileges
Major Common_Consequences
Minor None
281 Improper Preservation of Permissions
Major Common_Consequences
Minor None
282 Improper Ownership Management
Major Common_Consequences
Minor None
283 Unverified Ownership
Major Common_Consequences
Minor None
284 Improper Access Control
Major Common_Consequences
Minor None
285 Improper Authorization
Major Common_Consequences, Observed_Examples, Relationships
Minor None
286 Incorrect User Management
Major Common_Consequences
Minor None
287 Improper Authentication
Major Common_Consequences
Minor None
288 Authentication Bypass Using an Alternate Path or Channel
Major Common_Consequences
Minor None
289 Authentication Bypass by Alternate Name
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
290 Authentication Bypass by Spoofing
Major Common_Consequences
Minor None
291 Trusting Self-reported IP Address
Major Common_Consequences, Demonstrative_Examples
Minor None
292 Trusting Self-reported DNS Name
Major Common_Consequences
Minor None
293 Using Referer Field for Authentication
Major Common_Consequences
Minor None
294 Authentication Bypass by Capture-replay
Major Common_Consequences, Demonstrative_Examples
Minor None
296 Improper Following of Chain of Trust for Certificate Validation
Major Common_Consequences
Minor None
297 Improper Validation of Host-specific Certificate Data
Major Common_Consequences
Minor None
298 Improper Validation of Certificate Expiration
Major Common_Consequences
Minor None
299 Improper Check for Certificate Revocation
Major Common_Consequences
Minor None
300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
301 Reflection Attack in an Authentication Protocol
Major Common_Consequences
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
303 Incorrect Implementation of Authentication Algorithm
Major Common_Consequences
Minor None
304 Missing Critical Step in Authentication
Major Common_Consequences
Minor None
305 Authentication Bypass by Primary Weakness
Major Common_Consequences
Minor None
306 Missing Authentication for Critical Function
Major Common_Consequences
Minor None
307 Improper Restriction of Excessive Authentication Attempts
Major Common_Consequences
Minor None
308 Use of Single-factor Authentication
Major Common_Consequences
Minor None
309 Use of Password System for Primary Authentication
Major Common_Consequences
Minor None
311 Missing Encryption of Sensitive Data
Major Relationships, Taxonomy_Mappings
Minor None
312 Cleartext Storage of Sensitive Information
Major Common_Consequences
Minor None
313 Plaintext Storage in a File or on Disk
Major Common_Consequences
Minor None
314 Plaintext Storage in the Registry
Major Common_Consequences
Minor None
315 Plaintext Storage in a Cookie
Major Common_Consequences
Minor None
316 Plaintext Storage in Memory
Major Common_Consequences
Minor None
317 Plaintext Storage in GUI
Major Common_Consequences
Minor None
318 Plaintext Storage in Executable
Major Common_Consequences
Minor None
319 Cleartext Transmission of Sensitive Information
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
321 Use of Hard-coded Cryptographic Key
Major Common_Consequences
Minor None
322 Key Exchange without Entity Authentication
Major Common_Consequences
Minor None
323 Reusing a Nonce, Key Pair in Encryption
Major Common_Consequences
Minor None
324 Use of a Key Past its Expiration Date
Major Common_Consequences
Minor None
325 Missing Required Cryptographic Step
Major Common_Consequences
Minor None
326 Inadequate Encryption Strength
Major Common_Consequences
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Relationships, Taxonomy_Mappings
Minor None
328 Reversible One-Way Hash
Major Common_Consequences
Minor None
329 Not Using a Random IV with CBC Mode
Major Common_Consequences
Minor None
330 Use of Insufficiently Random Values
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
331 Insufficient Entropy
Major Common_Consequences
Minor None
332 Insufficient Entropy in PRNG
Major Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings
Minor None
333 Improper Handling of Insufficient Entropy in TRNG
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
334 Small Space of Random Values
Major Common_Consequences
Minor None
335 PRNG Seed Error
Major Common_Consequences
Minor None
336 Same Seed in PRNG
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
337 Predictable Seed in PRNG
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
338 Use of Cryptographically Weak PRNG
Major Common_Consequences
Minor None
339 Small Seed Space in PRNG
Major Common_Consequences
Minor None
340 Predictability Problems
Major Common_Consequences
Minor None
341 Predictable from Observable State
Major Common_Consequences
Minor None
342 Predictable Exact Value from Previous Values
Major Common_Consequences
Minor None
343 Predictable Value Range from Previous Values
Major Common_Consequences
Minor None
344 Use of Invariant Value in Dynamically Changing Context
Major Common_Consequences
Minor None
345 Insufficient Verification of Data Authenticity
Major Common_Consequences
Minor None
346 Origin Validation Error
Major Common_Consequences
Minor None
347 Improper Verification of Cryptographic Signature
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
348 Use of Less Trusted Source
Major Common_Consequences
Minor None
349 Acceptance of Extraneous Untrusted Data With Trusted Data
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
350 Improperly Trusted Reverse DNS
Major Common_Consequences
Minor None
351 Insufficient Type Distinction
Major Common_Consequences
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Common_Consequences
Minor None
353 Missing Support for Integrity Check
Major Common_Consequences, Demonstrative_Examples
Minor None
354 Improper Validation of Integrity Check Value
Major Common_Consequences
Minor None
356 Product UI does not Warn User of Unsafe Actions
Major Common_Consequences
Minor None
357 Insufficient UI Warning of Dangerous Operations
Major Common_Consequences
Minor None
358 Improperly Implemented Security Check for Standard
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
359 Privacy Violation
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
360 Trust of System Event Data
Major Common_Consequences
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
363 Race Condition Enabling Link Following
Major Common_Consequences
Minor None
364 Signal Handler Race Condition
Major Common_Consequences
Minor None
365 Race Condition in Switch
Major Common_Consequences
Minor None
366 Race Condition within a Thread
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
367 Time-of-check Time-of-use (TOCTOU) Race Condition
Major Common_Consequences
Minor None
368 Context Switching Race Condition
Major Common_Consequences
Minor None
369 Divide By Zero
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
370 Missing Check for Certificate Revocation after Initial Check
Major Common_Consequences
Minor None
372 Incomplete Internal State Distinction
Major Common_Consequences
Minor None
374 Passing Mutable Objects to an Untrusted Method
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
375 Returning a Mutable Object to an Untrusted Caller
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
377 Insecure Temporary File
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
378 Creation of Temporary File With Insecure Permissions
Major Common_Consequences
Minor None
379 Creation of Temporary File in Directory with Incorrect Permissions
Major Common_Consequences
Minor None
382 J2EE Bad Practices: Use of System.exit()
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
383 J2EE Bad Practices: Direct Use of Threads
Major Common_Consequences
Minor None
384 Session Fixation
Major Common_Consequences
Minor None
385 Covert Timing Channel
Major Common_Consequences
Minor None
386 Symbolic Name not Mapping to Correct Object
Major Common_Consequences
Minor None
388 Error Handling
Major Common_Consequences
Minor None
390 Detection of Error Condition Without Action
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
391 Unchecked Error Condition
Major Common_Consequences
Minor None
392 Missing Report of Error Condition
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
393 Return of Wrong Status Code
Major Common_Consequences
Minor None
394 Unexpected Status Code or Return Value
Major Common_Consequences
Minor None
395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
396 Declaration of Catch for Generic Exception
Major Common_Consequences
Minor None
397 Declaration of Throws for Generic Exception
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
398 Indicator of Poor Code Quality
Major Common_Consequences
Minor None
400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
402 Transmission of Private Resources into a New Sphere ('Resource Leak')
Major Common_Consequences
Minor None
403 Exposure of File Descriptor to Unintended Control Sphere
Major Common_Consequences
Minor None
404 Improper Resource Shutdown or Release
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
406 Insufficient Control of Network Message Volume (Network Amplification)
Major Common_Consequences
Minor None
407 Algorithmic Complexity
Major Common_Consequences
Minor None
408 Incorrect Behavior Order: Early Amplification
Major Common_Consequences
Minor None
409 Improper Handling of Highly Compressed Data (Data Amplification)
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
410 Insufficient Resource Pool
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
412 Unrestricted Externally Accessible Lock
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
413 Improper Resource Locking
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
414 Missing Lock Check
Major Common_Consequences
Minor None
415 Double Free
Major Common_Consequences
Minor None
416 Use After Free
Major Common_Consequences
Minor None
419 Unprotected Primary Channel
Major Common_Consequences
Minor None
420 Unprotected Alternate Channel
Major Common_Consequences
Minor None
421 Race Condition During Access to Alternate Channel
Major Common_Consequences
Minor None
422 Unprotected Windows Messaging Channel ('Shatter')
Major Common_Consequences
Minor None
424 Improper Protection of Alternate Path
Major Common_Consequences
Minor None
425 Direct Request ('Forced Browsing')
Major Common_Consequences, Relationships
Minor None
426 Untrusted Search Path
Major Common_Consequences
Minor None
427 Uncontrolled Search Path Element
Major Common_Consequences
Minor None
428 Unquoted Search Path or Element
Major Common_Consequences
Minor None
430 Deployment of Wrong Handler
Major Common_Consequences
Minor None
431 Missing Handler
Major Common_Consequences
Minor None
432 Dangerous Signal Handler not Disabled During Sensitive Operations
Major Common_Consequences
Minor None
433 Unparsed Raw Web Content Delivery
Major Common_Consequences
Minor None
435 Interaction Error
Major Common_Consequences
Minor None
436 Interpretation Conflict
Major Common_Consequences
Minor None
437 Incomplete Model of Endpoint Features
Major Common_Consequences
Minor None
439 Behavioral Change in New Version or Environment
Major Common_Consequences
Minor None
440 Expected Behavior Violation
Major Common_Consequences
Minor None
441 Unintended Proxy/Intermediary
Major Common_Consequences
Minor None
444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Major Common_Consequences
Minor None
446 UI Discrepancy for Security Feature
Major Common_Consequences
Minor None
447 Unimplemented or Unsupported Feature in UI
Major Common_Consequences
Minor None
448 Obsolete Feature in UI
Major Common_Consequences
Minor None
449 The UI Performs the Wrong Action
Major Common_Consequences
Minor None
450 Multiple Interpretations of UI Input
Major Common_Consequences
Minor None
451 UI Misrepresentation of Critical Information
Major Common_Consequences
Minor None
453 Insecure Default Variable Initialization
Major Common_Consequences
Minor None
454 External Initialization of Trusted Variables or Data Stores
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
455 Non-exit on Failed Initialization
Major Common_Consequences
Minor None
456 Missing Initialization
Major Common_Consequences
Minor None
457 Use of Uninitialized Variable
Major Common_Consequences
Minor None
459 Incomplete Cleanup
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
460 Improper Cleanup on Thrown Exception
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
462 Duplicate Key in Associative List (Alist)
Major Common_Consequences
Minor None
463 Deletion of Data Structure Sentinel
Major Common_Consequences, Demonstrative_Examples
Minor None
464 Addition of Data Structure Sentinel
Major Common_Consequences
Minor None
466 Return of Pointer Value Outside of Expected Range
Major Common_Consequences
Minor None
467 Use of sizeof() on a Pointer Type
Major Common_Consequences
Minor None
468 Incorrect Pointer Scaling
Major Common_Consequences
Minor None
469 Use of Pointer Subtraction to Determine Size
Major Common_Consequences
Minor None
470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
471 Modification of Assumed-Immutable Data (MAID)
Major Common_Consequences
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Common_Consequences
Minor None
473 PHP External Variable Modification
Major Common_Consequences
Minor None
474 Use of Function with Inconsistent Implementations
Major Common_Consequences, Other_Notes
Minor None
475 Undefined Behavior for Input to API
Major Common_Consequences
Minor None
476 NULL Pointer Dereference
Major Common_Consequences
Minor None
477 Use of Obsolete Functions
Major Common_Consequences
Minor None
478 Missing Default Case in Switch Statement
Major Common_Consequences
Minor None
479 Signal Handler Use of a Non-reentrant Function
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
480 Use of Incorrect Operator
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
481 Assigning instead of Comparing
Major Common_Consequences
Minor None
482 Comparing instead of Assigning
Major Common_Consequences
Minor None
483 Incorrect Block Delimitation
Major Common_Consequences
Minor None
484 Omitted Break Statement in Switch
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
485 Insufficient Encapsulation
Major Common_Consequences
Minor None
486 Comparison of Classes by Name
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
487 Reliance on Package-level Scope
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
488 Exposure of Data Element to Wrong Session
Major Common_Consequences
Minor None
489 Leftover Debug Code
Major Common_Consequences
Minor None
491 Public cloneable() Method Without Final ('Object Hijack')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
492 Use of Inner Class Containing Sensitive Data
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
493 Critical Public Variable Without Final Modifier
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
494 Download of Code Without Integrity Check
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
495 Private Array-Typed Field Returned From A Public Method
Major Common_Consequences
Minor None
496 Public Data Assigned to Private Array-Typed Field
Major Common_Consequences
Minor None
497 Exposure of System Data to an Unauthorized Control Sphere
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
498 Cloneable Class Containing Sensitive Information
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
499 Serializable Class Containing Sensitive Data
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
500 Public Static Field Not Marked Final
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
501 Trust Boundary Violation
Major Common_Consequences
Minor None
502 Deserialization of Untrusted Data
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
506 Embedded Malicious Code
Major Common_Consequences
Minor None
507 Trojan Horse
Major Common_Consequences
Minor None
508 Non-Replicating Malicious Code
Major Common_Consequences
Minor None
509 Replicating Malicious Code (Virus or Worm)
Major Common_Consequences
Minor None
510 Trapdoor
Major Common_Consequences
Minor None
511 Logic/Time Bomb
Major Common_Consequences
Minor None
512 Spyware
Major Common_Consequences
Minor None
514 Covert Channel
Major Common_Consequences
Minor None
515 Covert Storage Channel
Major Common_Consequences
Minor None
520 .NET Misconfiguration: Use of Impersonation
Major Common_Consequences
Minor None
521 Weak Password Requirements
Major Common_Consequences
Minor None
522 Insufficiently Protected Credentials
Major Common_Consequences
Minor None
523 Unprotected Transport of Credentials
Major Common_Consequences
Minor None
524 Information Exposure Through Caching
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
525 Information Exposure Through Browser Caching
Major Common_Consequences
Minor None
526 Information Exposure Through Environmental Variables
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
527 Exposure of CVS Repository to an Unauthorized Control Sphere
Major Common_Consequences
Minor None
528 Exposure of Core Dump File to an Unauthorized Control Sphere
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
529 Exposure of Access Control List Files to an Unauthorized Control Sphere
Major Common_Consequences
Minor None
530 Exposure of Backup File to an Unauthorized Control Sphere
Major Common_Consequences
Minor None
531 Information Exposure Through Test Code
Major Common_Consequences
Minor None
532 Information Exposure Through Log Files
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
533 Information Exposure Through Server Log Files
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
534 Information Exposure Through Debug Log Files
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
535 Information Exposure Through Shell Error Message
Major Common_Consequences
Minor None
536 Information Exposure Through Servlet Runtime Error Message
Major Common_Consequences, Other_Notes
Minor None
537 Information Exposure Through Java Runtime Error Message
Major Common_Consequences
Minor None
538 File and Directory Information Exposure
Major Common_Consequences
Minor None
539 Information Exposure Through Persistent Cookies
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
540 Information Exposure Through Source Code
Major Common_Consequences
Minor None
541 Information Exposure Through Include Source Code
Major Common_Consequences
Minor None
542 Information Exposure Through Cleanup Log Files
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
544 Missing Standardized Error Handling Mechanism
Major Common_Consequences
Minor None
545 Use of Dynamic Class Loading
Major Common_Consequences
Minor None
546 Suspicious Comment
Major Common_Consequences
Minor None
547 Use of Hard-coded, Security-relevant Constants
Major Common_Consequences
Minor None
548 Information Exposure Through Directory Listing
Major Common_Consequences
Minor None
549 Missing Password Field Masking
Major Common_Consequences
Minor None
550 Information Exposure Through Server Error Message
Major Common_Consequences
Minor None
551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Major Common_Consequences, Demonstrative_Examples, Description, Relationships
Minor None
552 Files or Directories Accessible to External Parties
Major Common_Consequences
Minor None
553 Command Shell in Externally Accessible Directory
Major Common_Consequences
Minor None
554 ASP.NET Misconfiguration: Not Using Input Validation Framework
Major Common_Consequences
Minor None
555 J2EE Misconfiguration: Plaintext Password in Configuration File
Major Common_Consequences
Minor None
556 ASP.NET Misconfiguration: Use of Identity Impersonation
Major Common_Consequences
Minor None
558 Use of getlogin() in Multithreaded Application
Major Common_Consequences
Minor None
560 Use of umask() with chmod-style Argument
Major Common_Consequences
Minor None
561 Dead Code
Major Common_Consequences
Minor None
562 Return of Stack Variable Address
Major Common_Consequences
Minor None
563 Unused Variable
Major Common_Consequences
Minor None
564 SQL Injection: Hibernate
Major Common_Consequences
Minor None
565 Reliance on Cookies without Validation and Integrity Checking
Major Common_Consequences
Minor None
566 Authorization Bypass Through User-Controlled SQL Primary Key
Major Common_Consequences
Minor None
567 Unsynchronized Access to Shared Data in a Multithreaded Context
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
568 finalize() Method Without super.finalize()
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
570 Expression is Always False
Major Common_Consequences
Minor None
571 Expression is Always True
Major Common_Consequences
Minor None
572 Call to Thread run() instead of start()
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
573 Improper Following of Specification by Caller
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
574 EJB Bad Practices: Use of Synchronization Primitives
Major Common_Consequences
Minor None
575 EJB Bad Practices: Use of AWT Swing
Major Common_Consequences
Minor None
576 EJB Bad Practices: Use of Java I/O
Major Common_Consequences
Minor None
577 EJB Bad Practices: Use of Sockets
Major Common_Consequences
Minor None
578 EJB Bad Practices: Use of Class Loader
Major Common_Consequences
Minor None
579 J2EE Bad Practices: Non-serializable Object Stored in Session
Major Common_Consequences
Minor None
580 clone() Method Without super.clone()
Major Common_Consequences
Minor None
581 Object Model Violation: Just One of Equals and Hashcode Defined
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
582 Array Declared Public, Final, and Static
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
583 finalize() Method Declared Public
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
584 Return Inside Finally Block
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
585 Empty Synchronized Block
Major Common_Consequences
Minor None
586 Explicit Call to Finalize()
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Common_Consequences
Minor None
588 Attempt to Access Child of a Non-structure Pointer
Major Common_Consequences
Minor None
589 Call to Non-ubiquitous API
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
590 Free of Memory not on the Heap
Major Common_Consequences
Minor None
591 Sensitive Data Storage in Improperly Locked Memory
Major Common_Consequences
Minor None
592 Authentication Bypass Issues
Major Common_Consequences
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major Common_Consequences
Minor None
594 J2EE Framework: Saving Unserializable Objects to Disk
Major Common_Consequences
Minor None
595 Comparison of Object References Instead of Object Contents
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
596 Incorrect Semantic Object Comparison
Major Common_Consequences
Minor None
597 Use of Wrong Operator in String Comparison
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
598 Information Exposure Through Query Strings in GET Request
Major Common_Consequences, Other_Notes
Minor None
599 Trust of OpenSSL Certificate Without Validation
Major Common_Consequences, Other_Notes
Minor None
600 Uncaught Exception in Servlet
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Common_Consequences
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Common_Consequences
Minor None
603 Use of Client-Side Authentication
Major Common_Consequences, Maintenance_Notes, Other_Notes
Minor None
605 Multiple Binds to the Same Port
Major Common_Consequences, Demonstrative_Examples
Minor None
606 Unchecked Input for Loop Condition
Major Common_Consequences
Minor None
607 Public Static Final Field References Mutable Object
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
608 Struts: Non-private Field in ActionForm Class
Major Common_Consequences
Minor None
609 Double-Checked Locking
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
610 Externally Controlled Reference to a Resource in Another Sphere
Major Common_Consequences
Minor None
611 Information Exposure Through XML External Entity Reference
Major Common_Consequences
Minor None
612 Information Exposure Through Indexing of Private Data
Major Common_Consequences
Minor None
613 Insufficient Session Expiration
Major Common_Consequences
Minor None
614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Major Common_Consequences
Minor None
615 Information Exposure Through Comments
Major Common_Consequences
Minor None
616 Incomplete Identification of Uploaded File Variables (PHP)
Major Common_Consequences
Minor Description
617 Reachable Assertion
Major Common_Consequences
Minor None
618 Exposed Unsafe ActiveX Method
Major Common_Consequences
Minor None
619 Dangling Database Cursor ('Cursor Injection')
Major Common_Consequences
Minor None
620 Unverified Password Change
Major Common_Consequences
Minor None
621 Variable Extraction Error
Major Common_Consequences
Minor None
622 Unvalidated Function Hook Arguments
Major Common_Consequences
Minor None
623 Unsafe ActiveX Control Marked Safe For Scripting
Major Common_Consequences
Minor None
624 Executable Regular Expression Error
Major Common_Consequences
Minor None
625 Permissive Regular Expression
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
626 Null Byte Interaction Error (Poison Null Byte)
Major Common_Consequences
Minor None
627 Dynamic Variable Evaluation
Major Common_Consequences
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Common_Consequences
Minor None
636 Not Failing Securely ('Failing Open')
Major Common_Consequences
Minor None
637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
Major Common_Consequences
Minor None
638 Not Using Complete Mediation
Major Common_Consequences, Relationships
Minor None
639 Authorization Bypass Through User-Controlled Key
Major Common_Consequences, Relationships
Minor None
640 Weak Password Recovery Mechanism for Forgotten Password
Major Common_Consequences
Minor None
641 Improper Restriction of Names for Files and Other Resources
Major Common_Consequences
Minor None
642 External Control of Critical State Data
Major Common_Consequences
Minor None
643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Major Common_Consequences
Minor None
644 Improper Neutralization of HTTP Headers for Scripting Syntax
Major Common_Consequences
Minor None
645 Overly Restrictive Account Lockout Mechanism
Major Common_Consequences
Minor None
646 Reliance on File Name or Extension of Externally-Supplied File
Major Common_Consequences
Minor None
647 Use of Non-Canonical URL Paths for Authorization Decisions
Major Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
648 Incorrect Use of Privileged APIs
Major Common_Consequences
Minor None
649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Major Common_Consequences
Minor None
650 Trusting HTTP Permission Methods on the Server Side
Major Common_Consequences
Minor None
651 Information Exposure Through WSDL File
Major Common_Consequences
Minor None
652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
Major Common_Consequences
Minor None
653 Insufficient Compartmentalization
Major Common_Consequences
Minor None
654 Reliance on a Single Factor in a Security Decision
Major Common_Consequences, Maintenance_Notes, Other_Notes
Minor None
655 Insufficient Psychological Acceptability
Major Common_Consequences
Minor None
656 Reliance on Security Through Obscurity
Major Common_Consequences
Minor None
657 Violation of Secure Design Principles
Major Common_Consequences
Minor None
662 Improper Synchronization
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
663 Use of a Non-reentrant Function in a Concurrent Context
Major Common_Consequences
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Common_Consequences, Relationships
Minor None
665 Improper Initialization
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
666 Operation on Resource in Wrong Phase of Lifetime
Major Common_Consequences
Minor None
667 Improper Locking
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
668 Exposure of Resource to Wrong Sphere
Major Common_Consequences
Minor None
669 Incorrect Resource Transfer Between Spheres
Major Common_Consequences
Minor None
670 Always-Incorrect Control Flow Implementation
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
671 Lack of Administrator Control over Security
Major Common_Consequences
Minor None
672 Operation on a Resource after Expiration or Release
Major Common_Consequences
Minor None
673 External Influence of Sphere Definition
Major Common_Consequences
Minor None
674 Uncontrolled Recursion
Major Common_Consequences
Minor None
675 Duplicate Operations on Resource
Major Common_Consequences
Minor None
676 Use of Potentially Dangerous Function
Major Common_Consequences
Minor None
680 Integer Overflow to Buffer Overflow
Major Common_Consequences
Minor None
681 Incorrect Conversion between Numeric Types
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
682 Incorrect Calculation
Major Common_Consequences
Minor None
683 Function Call With Incorrect Order of Arguments
Major Common_Consequences
Minor None
684 Incorrect Provision of Specified Functionality
Major Common_Consequences
Minor None
685 Function Call With Incorrect Number of Arguments
Major Common_Consequences
Minor None
686 Function Call With Incorrect Argument Type
Major Common_Consequences
Minor None
687 Function Call With Incorrectly Specified Argument Value
Major Common_Consequences
Minor None
688 Function Call With Incorrect Variable or Reference as Argument
Major Common_Consequences
Minor None
689 Permission Race Condition During Resource Copy
Major Common_Consequences
Minor None
690 Unchecked Return Value to NULL Pointer Dereference
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
691 Insufficient Control Flow Management
Major Common_Consequences
Minor None
692 Incomplete Blacklist to Cross-Site Scripting
Major Common_Consequences
Minor None
693 Protection Mechanism Failure
Major Common_Consequences
Minor None
694 Use of Multiple Resources with Duplicate Identifier
Major Common_Consequences
Minor None
695 Use of Low-Level Functionality
Major Common_Consequences
Minor None
696 Incorrect Behavior Order
Major Common_Consequences
Minor None
697 Insufficient Comparison
Major Common_Consequences
Minor None
698 Redirect Without Exit
Major Common_Consequences
Minor None
703 Improper Check or Handling of Exceptional Conditions
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
704 Incorrect Type Conversion or Cast
Major Common_Consequences, Relationships
Minor None
705 Incorrect Control Flow Scoping
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
706 Use of Incorrectly-Resolved Name or Reference
Major Common_Consequences
Minor None
707 Improper Enforcement of Message or Data Structure
Major Common_Consequences
Minor None
708 Incorrect Ownership Assignment
Major Common_Consequences, Maintenance_Notes, Other_Notes
Minor None
710 Coding Standards Violation
Major Common_Consequences
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
733 Compiler Optimization Removal or Modification of Security-critical Code
Major Common_Consequences
Minor None
749 Exposed Dangerous Method or Function
Major Common_Consequences
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Common_Consequences
Minor None
755 Improper Handling of Exceptional Conditions
Major Common_Consequences
Minor None
756 Missing Custom Error Page
Major Common_Consequences
Minor None
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Major Common_Consequences
Minor None
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Major Common_Consequences
Minor None
759 Use of a One-Way Hash without a Salt
Major Common_Consequences
Minor None
760 Use of a One-Way Hash with a Predictable Salt
Major Common_Consequences
Minor None
761 Free of Pointer not at Start of Buffer
Major Common_Consequences
Minor None
762 Mismatched Memory Management Routines
Major Common_Consequences
Minor None
763 Release of Invalid Pointer or Reference
Major Common_Consequences
Minor None
764 Multiple Locks of a Critical Resource
Major Common_Consequences
Minor None
765 Multiple Unlocks of a Critical Resource
Major Common_Consequences
Minor None
766 Critical Variable Declared Public
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
767 Access to Critical Private Variable via Public Method
Major Common_Consequences
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
771 Missing Reference to Active Allocated Resource
Major Common_Consequences
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
773 Missing Reference to Active File Descriptor or Handle
Major Common_Consequences
Minor None
774 Allocation of File Descriptors or Handles Without Limits or Throttling
Major Common_Consequences
Minor None
775 Missing Release of File Descriptor or Handle after Effective Lifetime
Major Common_Consequences
Minor None
776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
Major Common_Consequences
Minor None
777 Regular Expression without Anchors
Major Common_Consequences
Minor None
778 Insufficient Logging
Major Common_Consequences
Minor None
779 Logging of Excessive Data
Major Common_Consequences
Minor None
780 Use of RSA Algorithm without OAEP
Major Common_Consequences
Minor None
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Major Common_Consequences
Minor None
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Major Common_Consequences
Minor None
785 Use of Path Manipulation Function without Maximum-sized Buffer
Major Common_Consequences
Minor None
786 Access of Memory Location Before Start of Buffer
Major Common_Consequences
Minor None
787 Out-of-bounds Write
Major Common_Consequences
Minor None
788 Access of Memory Location After End of Buffer
Major Common_Consequences
Minor None
789 Uncontrolled Memory Allocation
Major Common_Consequences
Minor None
790 Improper Filtering of Special Elements
Major Common_Consequences
Minor None
791 Incomplete Filtering of Special Elements
Major Common_Consequences
Minor None
792 Incomplete Filtering of One or More Instances of Special Elements
Major Common_Consequences
Minor None
793 Only Filtering One Instance of a Special Element
Major Common_Consequences
Minor None
794 Incomplete Filtering of Multiple Instances of Special Elements
Major Common_Consequences
Minor None
795 Only Filtering Special Elements at a Specified Location
Major Common_Consequences
Minor Description
796 Only Filtering Special Elements Relative to a Marker
Major Common_Consequences
Minor None
797 Only Filtering Special Elements at an Absolute Position
Major Common_Consequences
Minor None
798 Use of Hard-coded Credentials
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
799 Improper Control of Interaction Frequency
Major Common_Consequences
Minor None
804 Guessable CAPTCHA
Major Common_Consequences, Relationships
Minor None
805 Buffer Access with Incorrect Length Value
Major Common_Consequences
Minor None
806 Buffer Access Using Size of Source Buffer
Major Common_Consequences
Minor None
807 Reliance on Untrusted Inputs in a Security Decision
Major Common_Consequences
Minor None
820 Missing Synchronization
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
821 Incorrect Synchronization
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
822 Untrusted Pointer Dereference
Major Common_Consequences
Minor None
823 Use of Out-of-range Pointer Offset
Major Common_Consequences
Minor None
826 Premature Release of Resource During Expected Lifetime
Major Common_Consequences
Minor None
827 Improper Control of Document Type Definition
Major Common_Consequences
Minor None
828 Signal Handler with Functionality that is not Asynchronous-Safe
Major Common_Consequences
Minor None
829 Inclusion of Functionality from Untrusted Control Sphere
Major Common_Consequences
Minor None
830 Inclusion of Web Functionality from an Untrusted Source
Major Common_Consequences
Minor None
831 Signal Handler Function Associated with Multiple Signals
Major Common_Consequences
Minor None
832 Unlock of a Resource that is not Locked
Major Common_Consequences
Minor None
833 Deadlock
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
834 Excessive Iteration
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
836 Use of Password Hash Instead of Password for Authentication
Major Common_Consequences
Minor None
838 Inappropriate Encoding for Output Context
Major Common_Consequences, Relationships, Taxonomy_Mappings
Minor None
839 Numeric Range Comparison Without Minimum Check
Major Common_Consequences
Minor None
841 Improper Enforcement of Behavioral Workflow
Major Common_Consequences
Minor None
842 Placement of User into Incorrect Group
Major Common_Consequences
Minor None
Page Last Updated: January 05, 2017