CWE-917 – Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’)
Description: The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream...
CWE-918 – Server-Side Request Forgery (SSRF)
Description: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not...
CWE-92 – DEPRECATED: Improper Sanitization of Custom Special Characters
Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for...
CWE-920 – Improper Restriction of Power Consumption
Description: The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly...
CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control
Description: The software stores sensitive information in a file system or device that does not have built-in access control. Modes of Introduction: - Architecture and...
CWE-922 – Insecure Storage of Sensitive Information
Description: The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers...
CWE-923 – Improper Restriction of Communication Channel to Intended Endpoints
Description: The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it...
CWE-925 – Improper Verification of Intent by Broadcast Receiver
Description: The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source....
CWE-926 – Improper Export of Android Application Components
Description: The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access...