CWE-9 – J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Description: If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system. If...
CWE-89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-88 – Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
Description: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit...
CWE-87 – Improper Neutralization of Alternate XSS Syntax
Description: The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. Modes of Introduction: Implementation. Likelihood of Exploit: Related...
CWE-863 – Incorrect Authorization
Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform...
CWE-862 – Missing Authorization
Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action. An access control list...
CWE-86 – Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Description: The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers....
CWE-85 – Doubled Character XSS Manipulations
Description: The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. Modes of Introduction: Implementation. Likelihood...
CWE-843 – Access of Resource Using Incompatible Type (‘Type Confusion’)
Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using...
CWE-842 – Placement of User into Incorrect Group
Description: The software or the administrator places a user into an incorrect group. If the incorrect group has more access or privileges than the intended...
