DATASHEET

CWE Weakness Enforcement (2021)

ENFORCEMENT FOR KW 2024.2

CWE enforcement is measured against a defined list of weaknesses. Not every weakness on the list applies to every language (for example, the memory-safety entries such as out-of-bounds write or use after free do not apply to a managed language like Java), so a "No" in the table below may reflect language inapplicability rather than a coverage gap.

2021 CWE Top 25 Most Dangerous Software Weaknesses

https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html

| Rank | CWE ID  | Description                                                                                        | Enforced C/C++ | Enforced C# | Enforced Java |
|------|---------|----------------------------------------------------------------------------------------------------|----------------|-------------|---------------|
| 1    | CWE-787 | Out-of-bounds Write                                                                                | Yes            | Yes         | No            |
| 2    | CWE-79  | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')               | Yes            | Yes         | Yes           |
| 3    | CWE-125 | Out-of-bounds Read                                                                                 | Yes            | Yes         | No            |
| 4    | CWE-20  | Improper Input Validation                                                                          | Yes            | Yes         | Yes           |
| 5    | CWE-78  | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')         | Yes            | Yes         | Yes           |
| 6    | CWE-89  | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')               | Yes            | Yes         | Yes           |
| 7    | CWE-416 | Use After Free                                                                                     | Yes            | Yes         | No            |
| 8    | CWE-22  | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')                     | Yes            | Yes         | Yes           |
| 9    | CWE-352 | Cross-Site Request Forgery (CSRF)                                                                  | No             | Yes         | Yes           |
| 10   | CWE-434 | Unrestricted Upload of File with Dangerous Type                                                    | No             | No          | Yes           |
| 11   | CWE-306 | Missing Authentication for Critical Function                                                       | No             | No          | Yes           |
| 12   | CWE-190 | Integer Overflow or Wraparound                                                                     | Yes            | Yes         | Yes           |
| 13   | CWE-502 | Deserialization of Untrusted Data                                                                  | No             | Yes         | Yes           |
| 14   | CWE-287 | Improper Authentication                                                                            | Yes            | No          | Yes           |
| 15   | CWE-476 | NULL Pointer Dereference                                                                           | Yes            | Yes         | Yes           |
| 16   | CWE-798 | Use of Hard-coded Credentials                                                                      | Yes            | Yes         | Yes           |
| 17   | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer                            | Yes            | Yes         | No            |
| 18   | CWE-862 | Missing Authorization                                                                              | No             | Yes         | Yes           |
| 19   | CWE-276 | Incorrect Default Permissions                                                                      | Yes            | No          | Yes           |
| 20   | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor                                         | Yes            | Yes         | Yes           |
| 21   | CWE-522 | Insufficiently Protected Credentials                                                               | No             | No          | Yes           |
| 22   | CWE-732 | Incorrect Permission Assignment for Critical Resource                                              | Yes            | Yes         | Yes           |
| 23   | CWE-611 | Improper Restriction of XML External Entity Reference                                              | Yes            | Yes         | Yes           |
| 24   | CWE-918 | Server-Side Request Forgery (SSRF)                                                                 | No             | No          | Yes           |
| 25   | CWE-77  | Improper Neutralization of Special Elements used in a Command ('Command Injection')                | Yes            | Yes         | Yes           |