DATASHEET
CWE Weakness Enforcement (2022)
ENFORCEMENT FOR KW 2024.2
CWE enforcement is measured against defined lists of weaknesses which do not all apply to every language.
2022 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
Rank | CWE ID | Description | Enforced C/C++ | Enforced C# | Enforced Java |
---|---|---|---|---|---|
[1] | | Out-of-bounds Write | Yes | Yes | No |
[2] | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Yes | Yes | Yes |
[3] | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Yes | Yes | Yes |
[4] | | Improper Input Validation | Yes | Yes | Yes |
[5] | | Out-of-bounds Read | Yes | Yes | No |
[6] | | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes | Yes | Yes |
[7] | | Use After Free | Yes | Yes | No |
[8] | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes | Yes | Yes |
[9] | | Cross-Site Request Forgery (CSRF) | No | Yes | Yes |
[10] | | Unrestricted Upload of File with Dangerous Type | No | No | Yes |
[11] | | NULL Pointer Dereference | Yes | Yes | Yes |
[12] | | Deserialization of Untrusted Data | No | Yes | Yes |
[13] | | Integer Overflow or Wraparound | Yes | Yes | Yes |
[14] | | Improper Authentication | Yes | Yes | Yes |
[15] | | Use of Hard-coded Credentials | Yes | Yes | Yes |
[16] | | Missing Authorization | No | Yes | Yes |
[17] | | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Yes | Yes | Yes |
[18] | | Missing Authentication for Critical Function | No | No | Yes |
[19] | | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes | Yes | No |
[20] | | Incorrect Default Permissions | Yes | Yes | Yes |
[21] | | Server-Side Request Forgery (SSRF) | No | No | Yes |
[22] | | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Yes | Yes | No |
[23] | | Uncontrolled Resource Consumption | Yes | Yes | Yes |
[24] | | Improper Restriction of XML External Entity Reference | Yes | Yes | Yes |
[25] | | Improper Control of Generation of Code ('Code Injection') | Yes | Yes | Yes |