CWE - Differences between Version 4.9 and Version 4.10

Home > CWE List > Reports > Differences between Version 4.9 and Version 4.10

Differences between Version 4.9 and Version 4.10

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total weaknesses/chains/composites (Version 4.10)	933
Total weaknesses/chains/composites (Version 4.9)	933
Total new	1
Total deprecated	1
Total with major changes	642
Total with only minor changes
Total unchanged	752

Summary of Entry Types

Type	Version 4.9	Version 4.10
Weakness	933	933
Category	352	352
View	47	47
Deprecated	63	64
Total	1395	1396

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	3	0
Description	562	1
Relationships	65	0
Applicable_Platforms	41	0
Modes_of_Introduction	9	0
Detection_Factors	11	0
Potential_Mitigations	71	0
Demonstrative_Examples	28	0
Observed_Examples	20	0
Related_Attack_Patterns	43	0
Weakness_Ordinalities	0	0
Time_of_Introduction	3	0
Likelihood_of_Exploit	0	0
References	15	0
Common_Consequences	28	0
Terminology_Notes	1	0
Alternate_Terms	6	0
Relationship_Notes	26	0
Taxonomy_Mappings	9	0
Maintenance_Notes	39	0
Research_Gaps	0	0
Background_Details	2	0
Theoretical_Notes	1	0
Other_Notes	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Type	6	0
Source_Taxonomy	0	0

Form and Abstraction Changes

From	To	Total	CWE IDs
Unchanged		1389
Weakness/Base	Deprecated	1	1324
Weakness/Base	Weakness/Class	2	346, 602
Weakness/Variant	Weakness/Base	3	289, 301, 302

Status Changes

From	To	Total
Unchanged		1394
Draft	Deprecated	1

Relationship Changes

The "Version 4.10 Total" lists the total number of relationships in Version 4.10. The "Shared" value is the total number of relationships in entries that were in both Version 4.10 and Version 4.9. The "New" value is the total number of relationships involving entries that did not exist in Version 4.9. Thus, the total number of relationships in Version 4.10 would combine stats from Shared entries and New entries.

Relationship	Version 4.10 Total	Version 4.9 Total	Version 4.10 Shared	Unchanged	Added to Version 4.10	Removed from Version 4.9	Version 4.10 New
ALL	10362	10322	10360	10290	70	32	2
ChildOf	4287	4269	4286	4253	33	16	1
ParentOf	4287	4269	4286	4253	33	16	1
MemberOf	643	643	643	643
HasMember	643	643	643	643
CanPrecede	137	136	137	136	1
CanFollow	137	136	137	136	1
StartsWith	3	3	3	3
Requires	13	13	13	13
RequiredBy	13	13	13	13
CanAlsoBe	27	27	27	27
PeerOf	172	170	172	170	2

Nodes Removed from Version 4.9

CWE-ID	CWE Name
None.

Nodes Added to Version 4.10

CWE-ID	CWE Name
1395	Dependency on Vulnerable Third-Party Component

Nodes Deprecated in Version 4.10

CWE-ID	CWE Name
1324	DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

D			7	J2EE Misconfiguration: Missing Custom Error Page
D			9	J2EE Misconfiguration: Weak Access Permissions for EJB Methods
		R	15	External Control of System or Configuration Setting
D			22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
D			23	Relative Path Traversal
D			24	Path Traversal: '../filedir'
D			25	Path Traversal: '/../filedir'
D			26	Path Traversal: '/dir/../filename'
D			27	Path Traversal: 'dir/../../filename'
D			28	Path Traversal: '..\filedir'
D			29	Path Traversal: '\..\filename'
D			30	Path Traversal: '\dir\..\filename'
D			31	Path Traversal: 'dir\..\..\filename'
D			32	Path Traversal: '...' (Triple Dot)
D			33	Path Traversal: '....' (Multiple Dot)
D			34	Path Traversal: '....//'
D			35	Path Traversal: '.../...//'
D			36	Absolute Path Traversal
D			37	Path Traversal: '/absolute/pathname/here'
D			38	Path Traversal: '\absolute\pathname\here'
D			39	Path Traversal: 'C:dirname'
D			40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
D			41	Improper Resolution of Path Equivalence
D			42	Path Equivalence: 'filename.' (Trailing Dot)
D			43	Path Equivalence: 'filename....' (Multiple Trailing Dot)
D			44	Path Equivalence: 'file.name' (Internal Dot)
D			45	Path Equivalence: 'file...name' (Multiple Internal Dot)
D			46	Path Equivalence: 'filename ' (Trailing Space)
D			47	Path Equivalence: ' filename' (Leading Space)
D			48	Path Equivalence: 'file name' (Internal Whitespace)
D			49	Path Equivalence: 'filename/' (Trailing Slash)
D			50	Path Equivalence: '//multiple/leading/slash'
D			51	Path Equivalence: '/multiple//internal/slash'
D			52	Path Equivalence: '/multiple/trailing/slash//'
D			53	Path Equivalence: '\multiple\\internal\backslash'
D			54	Path Equivalence: 'filedir\' (Trailing Backslash)
D			55	Path Equivalence: '/./' (Single Dot Directory)
D			56	*Path Equivalence: 'filedir' (Wildcard)**
D			57	Path Equivalence: 'fakedir/../realdir/filename'
D			58	Path Equivalence: Windows 8.3 Filename
D			59	Improper Link Resolution Before File Access ('Link Following')
D			61	UNIX Symbolic Link (Symlink) Following
D			62	UNIX Hard Link
D			64	Windows Shortcut Following (.LNK)
D			65	Windows Hard Link
D			67	Improper Handling of Windows Device Names
D			69	Improper Handling of Windows ::DATA Alternate Data Stream
D			72	Improper Handling of Apple HFS+ Alternate Data Stream Path
D			73	External Control of File Name or Path
D			74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
D			75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
D			76	Improper Neutralization of Equivalent Special Elements
D			77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
D			78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
D			79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
D			80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
D			81	Improper Neutralization of Script in an Error Message Web Page
D			83	Improper Neutralization of Script in Attributes in a Web Page
D			86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
D			87	Improper Neutralization of Alternate XSS Syntax
D			88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
D			89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
D			90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
D			91	XML Injection (aka Blind XPath Injection)
D			93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
D		R	94	Improper Control of Generation of Code ('Code Injection')
D			95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
D			96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
D			97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
D			98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
D			99	Improper Control of Resource Identifiers ('Resource Injection')
D			102	Struts: Duplicate Validation Forms
D			103	Struts: Incomplete validate() Method Definition
D			105	Struts: Form Field Without Validator
D			112	Missing XML Validation
D			113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
D			114	Process Control
D			115	Misinterpretation of Input
D			116	Improper Encoding or Escaping of Output
D			117	Improper Output Neutralization for Logs
D			118	Incorrect Access of Indexable Resource ('Range Error')
D			119	Improper Restriction of Operations within the Bounds of a Memory Buffer
D			120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
D			124	Buffer Underwrite ('Buffer Underflow')
D			125	Out-of-bounds Read
D			126	Buffer Over-read
D			127	Buffer Under-read
D			130	Improper Handling of Length Parameter Inconsistency
D			131	Incorrect Calculation of Buffer Size
D			134	Use of Externally-Controlled Format String
D			135	Incorrect Calculation of Multi-Byte String Length
D			138	Improper Neutralization of Special Elements
D			140	Improper Neutralization of Delimiters
D			141	Improper Neutralization of Parameter/Argument Delimiters
D			142	Improper Neutralization of Value Delimiters
D			143	Improper Neutralization of Record Delimiters
D			144	Improper Neutralization of Line Delimiters
D			145	Improper Neutralization of Section Delimiters
D			146	Improper Neutralization of Expression/Command Delimiters
D			147	Improper Neutralization of Input Terminators
D			148	Improper Neutralization of Input Leaders
D			149	Improper Neutralization of Quoting Syntax
D			150	Improper Neutralization of Escape, Meta, or Control Sequences
D			151	Improper Neutralization of Comment Delimiters
D			152	Improper Neutralization of Macro Symbols
D			153	Improper Neutralization of Substitution Characters
D			154	Improper Neutralization of Variable Name Delimiters
D			155	Improper Neutralization of Wildcards or Matching Symbols
D			156	Improper Neutralization of Whitespace
D			157	Failure to Sanitize Paired Delimiters
D			158	Improper Neutralization of Null Byte or NUL Character
D			160	Improper Neutralization of Leading Special Elements
D			161	Improper Neutralization of Multiple Leading Special Elements
D			162	Improper Neutralization of Trailing Special Elements
D			163	Improper Neutralization of Multiple Trailing Special Elements
D			164	Improper Neutralization of Internal Special Elements
D			165	Improper Neutralization of Multiple Internal Special Elements
D			166	Improper Handling of Missing Special Element
D			167	Improper Handling of Additional Special Element
D			168	Improper Handling of Inconsistent Special Elements
D			170	Improper Null Termination
D			172	Encoding Error
D			173	Improper Handling of Alternate Encoding
D			174	Double Decoding of the Same Data
D			175	Improper Handling of Mixed Encoding
D			176	Improper Handling of Unicode Encoding
D			177	Improper Handling of URL Encoding (Hex Encoding)
D			178	Improper Handling of Case Sensitivity
D			179	Incorrect Behavior Order: Early Validation
D			180	Incorrect Behavior Order: Validate Before Canonicalize
D			181	Incorrect Behavior Order: Validate Before Filter
D			182	Collapse of Data into Unsafe Value
D			185	Incorrect Regular Expression
D			187	Partial String Comparison
D			188	Reliance on Data/Memory Layout
D			190	Integer Overflow or Wraparound
D			194	Unexpected Sign Extension
D			195	Signed to Unsigned Conversion Error
D			196	Unsigned to Signed Conversion Error
D			198	Use of Incorrect Byte Ordering
D			209	Generation of Error Message Containing Sensitive Information
D			210	Self-generated Error Message Containing Sensitive Information
D			211	Externally-Generated Error Message Containing Sensitive Information
D			212	Improper Removal of Sensitive Information Before Storage or Transfer
D		R	214	Invocation of Process Using Visible Sensitive Information
D			215	Insertion of Sensitive Information Into Debugging Code
D			219	Storage of File with Sensitive Data Under Web Root
D			220	Storage of File With Sensitive Data Under FTP Root
D			221	Information Loss or Omission
D			222	Truncation of Security-relevant Information
D			223	Omission of Security-relevant Information
D			224	Obscured Security-relevant Information by Alternate Name
D			229	Improper Handling of Values
D			230	Improper Handling of Missing Values
D			231	Improper Handling of Extra Values
D			232	Improper Handling of Undefined Values
D			233	Improper Handling of Parameters
D			235	Improper Handling of Extra Parameters
D			236	Improper Handling of Undefined Parameters
D			237	Improper Handling of Structural Elements
D			238	Improper Handling of Incomplete Structural Elements
D			239	Failure to Handle Incomplete Element
D			240	Improper Handling of Inconsistent Structural Elements
D			241	Improper Handling of Unexpected Data Type
D			242	Use of Inherently Dangerous Function
D			243	Creation of chroot Jail Without Changing Working Directory
D			250	Execution with Unnecessary Privileges
D			252	Unchecked Return Value
D			253	Incorrect Check of Function Return Value
D			259	Use of Hard-coded Password
D			260	Password in Configuration File
		R	261	Weak Encoding for Password
D			269	Improper Privilege Management
D			270	Privilege Context Switching Error
D			271	Privilege Dropping / Lowering Errors
D			273	Improper Check for Dropped Privileges
D		R	274	Improper Handling of Insufficient Privileges
D			279	Incorrect Execution-Assigned Permissions
D			280	Improper Handling of Insufficient Permissions or Privileges
D			281	Improper Preservation of Permissions
D			282	Improper Ownership Management
D			283	Unverified Ownership
D		R	284	Improper Access Control
D			285	Improper Authorization
D			286	Incorrect User Management
D			287	Improper Authentication
D			289	Authentication Bypass by Alternate Name
D			290	Authentication Bypass by Spoofing
D			291	Reliance on IP Address for Authentication
D			294	Authentication Bypass by Capture-replay
D			295	Improper Certificate Validation
D			296	Improper Following of a Certificate's Chain of Trust
D			297	Improper Validation of Certificate with Host Mismatch
D			299	Improper Check for Certificate Revocation
		R	300	Channel Accessible by Non-Endpoint
D		R	303	Incorrect Implementation of Authentication Algorithm
D		R	304	Missing Critical Step in Authentication
		R	306	Missing Authentication for Critical Function
D			311	Missing Encryption of Sensitive Data
D		R	312	Cleartext Storage of Sensitive Information
D			313	Cleartext Storage in a File or on Disk
D			314	Cleartext Storage in the Registry
D			315	Cleartext Storage of Sensitive Information in a Cookie
D			316	Cleartext Storage of Sensitive Information in Memory
D			317	Cleartext Storage of Sensitive Information in GUI
D			318	Cleartext Storage of Sensitive Information in Executable
D		R	319	Cleartext Transmission of Sensitive Information
D		R	322	Key Exchange without Entity Authentication
D		R	326	Inadequate Encryption Strength
D			327	Use of a Broken or Risky Cryptographic Algorithm
D			330	Use of Insufficiently Random Values
D			331	Insufficient Entropy
D			335	Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
D			343	Predictable Value Range from Previous Values
D			345	Insufficient Verification of Data Authenticity
D			346	Origin Validation Error
D			347	Improper Verification of Cryptographic Signature
D			348	Use of Less Trusted Source
D			349	Acceptance of Extraneous Untrusted Data With Trusted Data
D			350	Reliance on Reverse DNS Resolution for a Security-Critical Action
D			351	Insufficient Type Distinction
D			353	Missing Support for Integrity Check
D			354	Improper Validation of Integrity Check Value
D			356	Product UI does not Warn User of Unsafe Actions
D			358	Improperly Implemented Security Check for Standard
D			362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
D			363	Race Condition Enabling Link Following
D			364	Signal Handler Race Condition
D			367	Time-of-check Time-of-use (TOCTOU) Race Condition
D			370	Missing Check for Certificate Revocation after Initial Check
D			372	Incomplete Internal State Distinction
D			374	Passing Mutable Objects to an Untrusted Method
D			379	Creation of Temporary File in Directory with Insecure Permissions
D			390	Detection of Error Condition Without Action
D			392	Missing Report of Error Condition
D			393	Return of Wrong Status Code
D			394	Unexpected Status Code or Return Value
D			400	Uncontrolled Resource Consumption
D			401	Missing Release of Memory after Effective Lifetime
D			402	Transmission of Private Resources into a New Sphere ('Resource Leak')
D			404	Improper Resource Shutdown or Release
D			405	Asymmetric Resource Consumption (Amplification)
D			406	Insufficient Control of Network Message Volume (Network Amplification)
D			408	Incorrect Behavior Order: Early Amplification
D			409	Improper Handling of Highly Compressed Data (Data Amplification)
D			410	Insufficient Resource Pool
D			412	Unrestricted Externally Accessible Lock
D			413	Improper Resource Locking
D			419	Unprotected Primary Channel
D			420	Unprotected Alternate Channel
D			422	Unprotected Windows Messaging Channel ('Shatter')
D			426	Untrusted Search Path
D			427	Uncontrolled Search Path Element
D			432	Dangerous Signal Handler not Disabled During Sensitive Operations
D			433	Unparsed Raw Web Content Delivery
D			434	Unrestricted Upload of File with Dangerous Type
		R	440	Expected Behavior Violation
D			446	UI Discrepancy for Security Feature
D			451	User Interface (UI) Misrepresentation of Critical Information
D			453	Insecure Default Variable Initialization
D			454	External Initialization of Trusted Variables or Data Stores
D			455	Non-exit on Failed Initialization
D			456	Missing Initialization of a Variable
D			459	Incomplete Cleanup
D			469	Use of Pointer Subtraction to Determine Size
D		R	470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
D			471	Modification of Assumed-Immutable Data (MAID)
D			479	Signal Handler Use of a Non-reentrant Function
D			480	Use of Incorrect Operator
D			484	Omitted Break Statement in Switch
D			486	Comparison of Classes by Name
D		R	489	Active Debug Code
D		R	497	Exposure of Sensitive System Information to an Unauthorized Control Sphere
D			502	Deserialization of Untrusted Data
D			506	Embedded Malicious Code
D			507	Trojan Horse
D			508	Non-Replicating Malicious Code
D			509	Replicating Malicious Code (Virus or Worm)
D			511	Logic/Time Bomb
D			512	Spyware
		R	522	Insufficiently Protected Credentials
D	N	R	526	Cleartext Storage of Sensitive Information in an Environment Variable
D			543	Use of Singleton Pattern Without Synchronization in a Multithreaded Context
D			544	Missing Standardized Error Handling Mechanism
D			547	Use of Hard-coded, Security-relevant Constants
D			549	Missing Password Field Masking
D			552	Files or Directories Accessible to External Parties
D			558	Use of getlogin() in Multithreaded Application
D			561	Dead Code
D			565	Reliance on Cookies without Validation and Integrity Checking
D			566	Authorization Bypass Through User-Controlled SQL Primary Key
D			568	finalize() Method Without super.finalize()
D			570	Expression is Always False
D			571	Expression is Always True
D			572	Call to Thread run() instead of start()
D			573	Improper Following of Specification by Caller
D			574	EJB Bad Practices: Use of Synchronization Primitives
D			575	EJB Bad Practices: Use of AWT Swing
D			576	EJB Bad Practices: Use of Java I/O
D			577	EJB Bad Practices: Use of Sockets
D			578	EJB Bad Practices: Use of Class Loader
D			579	J2EE Bad Practices: Non-serializable Object Stored in Session
D			580	clone() Method Without super.clone()
D			581	Object Model Violation: Just One of Equals and Hashcode Defined
D			582	Array Declared Public, Final, and Static
D			583	finalize() Method Declared Public
D			585	Empty Synchronized Block
D			586	Explicit Call to Finalize()
D			587	Assignment of a Fixed Address to a Pointer
D			589	Call to Non-ubiquitous API
D			590	Free of Memory not on the Heap
D			591	Sensitive Data Storage in Improperly Locked Memory
D			593	Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
D			595	Comparison of Object References Instead of Object Contents
D			599	Missing Validation of OpenSSL Certificate
		R	602	Client-Side Enforcement of Server-Side Security
		R	603	Use of Client-Side Authentication
D			609	Double-Checked Locking
D			611	Improper Restriction of XML External Entity Reference
		R	623	Unsafe ActiveX Control Marked Safe For Scripting
D			637	Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
D		R	638	Not Using Complete Mediation
D			640	Weak Password Recovery Mechanism for Forgotten Password
D			641	Improper Restriction of Names for Files and Other Resources
D			642	External Control of Critical State Data
D			643	Improper Neutralization of Data within XPath Expressions ('XPath Injection')
D			644	Improper Neutralization of HTTP Headers for Scripting Syntax
D			645	Overly Restrictive Account Lockout Mechanism
D			646	Reliance on File Name or Extension of Externally-Supplied File
D			647	Use of Non-Canonical URL Paths for Authorization Decisions
D			648	Incorrect Use of Privileged APIs
D			649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
D			652	Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
D			655	Insufficient Psychological Acceptability
D			656	Reliance on Security Through Obscurity
		R	657	Violation of Secure Design Principles
D			662	Improper Synchronization
D			663	Use of a Non-reentrant Function in a Concurrent Context
D		R	664	Improper Control of a Resource Through its Lifetime
D		R	665	Improper Initialization
D			666	Operation on Resource in Wrong Phase of Lifetime
D			667	Improper Locking
D			672	Operation on a Resource after Expiration or Release
D		R	674	Uncontrolled Recursion
D			676	Use of Potentially Dangerous Function
D			682	Incorrect Calculation
D			683	Function Call With Incorrect Order of Arguments
D			684	Incorrect Provision of Specified Functionality
D			685	Function Call With Incorrect Number of Arguments
D			686	Function Call With Incorrect Argument Type
D			687	Function Call With Incorrectly Specified Argument Value
D			688	Function Call With Incorrect Variable or Reference as Argument
		R	691	Insufficient Control Flow Management
		R	693	Protection Mechanism Failure
D			694	Use of Multiple Resources with Duplicate Identifier
D			695	Use of Low-Level Functionality
D			697	Incorrect Comparison
D		R	703	Improper Check or Handling of Exceptional Conditions
D			704	Incorrect Type Conversion or Cast
D			705	Incorrect Control Flow Scoping
D			706	Use of Incorrectly-Resolved Name or Reference
D			708	Incorrect Ownership Assignment
D			710	Improper Adherence to Coding Standards
D			732	Incorrect Permission Assignment for Critical Resource
D		R	749	Exposed Dangerous Method or Function
D			754	Improper Check for Unusual or Exceptional Conditions
D		R	755	Improper Handling of Exceptional Conditions
D			756	Missing Custom Error Page
D			757	Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
D			758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
D			759	Use of a One-Way Hash without a Salt
D			760	Use of a One-Way Hash with a Predictable Salt
D			761	Free of Pointer not at Start of Buffer
D			762	Mismatched Memory Management Routines
D			763	Release of Invalid Pointer or Reference
D			764	Multiple Locks of a Critical Resource
D			765	Multiple Unlocks of a Critical Resource
D			766	Critical Data Element Declared Public
D			767	Access to Critical Private Variable via Public Method
D			768	Incorrect Short Circuit Evaluation
D			770	Allocation of Resources Without Limits or Throttling
D			771	Missing Reference to Active Allocated Resource
D			772	Missing Release of Resource after Effective Lifetime
D			773	Missing Reference to Active File Descriptor or Handle
D			774	Allocation of File Descriptors or Handles Without Limits or Throttling
D			775	Missing Release of File Descriptor or Handle after Effective Lifetime
D			776	Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
D			777	Regular Expression without Anchors
D			778	Insufficient Logging
D			779	Logging of Excessive Data
D			780	Use of RSA Algorithm without OAEP
D			781	Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
D			782	Exposed IOCTL with Insufficient Access Control
D			783	Operator Precedence Logic Error
D			784	Reliance on Cookies without Validation and Integrity Checking in a Security Decision
D			785	Use of Path Manipulation Function without Maximum-sized Buffer
D			786	Access of Memory Location Before Start of Buffer
D			787	Out-of-bounds Write
D			788	Access of Memory Location After End of Buffer
D			790	Improper Filtering of Special Elements
D			791	Incomplete Filtering of Special Elements
D			792	Incomplete Filtering of One or More Instances of Special Elements
D			793	Only Filtering One Instance of a Special Element
D			794	Incomplete Filtering of Multiple Instances of Special Elements
D			795	Only Filtering Special Elements at a Specified Location
D			796	Only Filtering Special Elements Relative to a Marker
D			797	Only Filtering Special Elements at an Absolute Position
D			798	Use of Hard-coded Credentials
D			799	Improper Control of Interaction Frequency
D			804	Guessable CAPTCHA
D			805	Buffer Access with Incorrect Length Value
D			806	Buffer Access Using Size of Source Buffer
D			807	Reliance on Untrusted Inputs in a Security Decision
D			820	Missing Synchronization
D			821	Incorrect Synchronization
D			822	Untrusted Pointer Dereference
D			823	Use of Out-of-range Pointer Offset
D			824	Access of Uninitialized Pointer
D			825	Expired Pointer Dereference
D			826	Premature Release of Resource During Expected Lifetime
D			827	Improper Control of Document Type Definition
D			828	Signal Handler with Functionality that is not Asynchronous-Safe
D			829	Inclusion of Functionality from Untrusted Control Sphere
D			830	Inclusion of Web Functionality from an Untrusted Source
D			831	Signal Handler Function Associated with Multiple Signals
D			832	Unlock of a Resource that is not Locked
D			833	Deadlock
D		R	834	Excessive Iteration
D			835	Loop with Unreachable Exit Condition ('Infinite Loop')
D			836	Use of Password Hash Instead of Password for Authentication
D			837	Improper Enforcement of a Single, Unique Action
D			838	Inappropriate Encoding for Output Context
D			839	Numeric Range Comparison Without Minimum Check
D			841	Improper Enforcement of Behavioral Workflow
D			842	Placement of User into Incorrect Group
D			843	Access of Resource Using Incompatible Type ('Type Confusion')
D			862	Missing Authorization
D			863	Incorrect Authorization
D			908	Use of Uninitialized Resource
D		R	909	Missing Initialization of Resource
D			910	Use of Expired File Descriptor
D			911	Improper Update of Reference Count
D			912	Hidden Functionality
D			913	Improper Control of Dynamically-Managed Code Resources
D			914	Improper Control of Dynamically-Identified Variables
D			915	Improperly Controlled Modification of Dynamically-Determined Object Attributes
D			916	Use of Password Hash With Insufficient Computational Effort
D			917	Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
D			920	Improper Restriction of Power Consumption
D			921	Storage of Sensitive Data in a Mechanism without Access Control
D			922	Insecure Storage of Sensitive Information
D		R	923	Improper Restriction of Communication Channel to Intended Endpoints
D			924	Improper Enforcement of Message Integrity During Transmission in a Communication Channel
D			939	Improper Authorization in Handler for Custom URL Scheme
D			940	Improper Verification of Source of a Communication Channel
D			941	Incorrectly Specified Destination in a Communication Channel
D		R	942	Permissive Cross-domain Policy with Untrusted Domains
D			943	Improper Neutralization of Special Elements in Data Query Logic
D			1004	Sensitive Cookie Without 'HttpOnly' Flag
D			1007	Insufficient Visual Distinction of Homoglyphs Presented to User
D			1023	Incomplete Comparison with Missing Factors
D			1024	Comparison of Incompatible Types
D			1041	Use of Redundant Code
D			1042	Static Member Data Element outside of a Singleton Class Element
D			1043	Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
D			1044	Architecture with Number of Horizontal Layers Outside of Expected Range
D			1045	Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
D			1046	Creation of Immutable Text Using String Concatenation
D			1047	Modules with Circular Dependencies
D			1048	Invokable Control Element with Large Number of Outward Calls
D			1049	Excessive Data Query Operations in a Large Data Table
D			1050	Excessive Platform Resource Consumption within a Loop
D			1051	Initialization with Hard-Coded Network Resource Configuration Data
D			1052	Excessive Use of Hard-Coded Literals in Initialization
D			1054	Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
D			1055	Multiple Inheritance from Concrete Classes
D			1056	Invokable Control Element with Variadic Parameters
D			1057	Data Access Operations Outside of Expected Data Manager Component
D			1058	Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
		R	1059	Insufficient Technical Documentation
D			1060	Excessive Number of Inefficient Server-Side Data Accesses
D			1061	Insufficient Encapsulation
D			1062	Parent Class with References to Child Class
D			1063	Creation of Class Instance within a Static Code Block
D			1064	Invokable Control Element with Signature Containing an Excessive Number of Parameters
D			1065	Runtime Resource Management Control Element in a Component Built to Run on Application Servers
D			1066	Missing Serialization Control Element
D			1067	Excessive Execution of Sequential Searches of Data Resource
D		R	1068	Inconsistency Between Implementation and Documented Design
D			1069	Empty Exception Block
D			1070	Serializable Data Element Containing non-Serializable Item Elements
D			1072	Data Resource Access without Use of Connection Pooling
D			1073	Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
D			1074	Class with Excessively Deep Inheritance
D			1075	Unconditional Control Flow Transfer outside of Switch Block
D			1076	Insufficient Adherence to Expected Conventions
D			1077	Floating Point Comparison with Incorrect Operator
D			1079	Parent Class without Virtual Destructor Method
D			1080	Source Code File with Excessive Number of Lines of Code
D			1082	Class Instance Self Destruction Control Element
D			1083	Data Access from Outside Expected Data Manager Component
D			1084	Invokable Control Element with Excessive File or Data Access Operations
D			1085	Invokable Control Element with Excessive Volume of Commented-out Code
D			1087	Class with Virtual Method without a Virtual Destructor
D			1088	Synchronous Access of Remote Resource without Timeout
D			1089	Large Data Table with Excessive Number of Indices
D			1090	Method Containing Access of a Member Element from Another Class
D			1091	Use of Object without Invoking Destructor Method
D			1092	Use of Same Invokable Control Element in Multiple Architectural Layers
D			1093	Excessively Complex Data Representation
D			1094	Excessive Index Range Scan for a Data Resource
D			1095	Loop Condition Value Update within the Loop
D			1096	Singleton Class Instance Creation without Proper Locking or Synchronization
D			1097	Persistent Storable Data Element without Associated Comparison Control Element
D			1098	Data Element containing Pointer Item without Proper Copy Control Element
D			1099	Inconsistent Naming Conventions for Identifiers
D			1100	Insufficient Isolation of System-Dependent Functions
D			1101	Reliance on Runtime Component in Generated Code
D			1102	Reliance on Machine-Dependent Data Representation
D			1103	Use of Platform-Dependent Third Party Components
D		R	1104	Use of Unmaintained Third Party Components
D			1105	Insufficient Encapsulation of Machine-Dependent Functionality
D			1106	Insufficient Use of Symbolic Constants
D			1107	Insufficient Isolation of Symbolic Constant Definitions
D			1108	Excessive Reliance on Global Variables
D			1109	Use of Same Variable for Multiple Purposes
		R	1110	Incomplete Design Documentation
D			1113	Inappropriate Comment Style
D			1114	Inappropriate Whitespace Style
D			1115	Source Code Element without Standard Prologue
D			1116	Inaccurate Comments
D			1117	Callable with Insufficient Behavioral Summary
D			1119	Excessive Use of Unconditional Branching
D			1120	Excessive Code Complexity
D			1121	Excessive McCabe Cyclomatic Complexity
D			1122	Excessive Halstead Complexity
D			1123	Excessive Use of Self-Modifying Code
D			1124	Excessively Deep Nesting
D			1126	Declaration of Variable with Unnecessarily Wide Scope
D			1127	Compilation with Insufficient Warnings or Errors
D			1164	Irrelevant Code
D			1173	Improper Use of Validation Framework
D			1176	Inefficient CPU Computation
D			1177	Use of Prohibited Code
D			1188	Insecure Default Initialization of Resource
		R	1198	Privilege Separation and Access Control Issues
		R	1199	General Circuit and Logic Design Concerns
		R	1206	Power, Clock, Thermal, and Reset Concerns
		R	1207	Debug and Test Problems
		R	1208	Cross-Cutting Problems
		R	1222	Insufficient Granularity of Address Regions Protected by Register Locks
D			1236	Improper Neutralization of Formula Elements in a CSV File
		R	1247	Improper Protection Against Voltage and Clock Glitches
		R	1248	Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
D			1249	Application-Level Admin Tool with Inconsistent View of Underlying Operating System
		R	1250	Improper Preservation of Consistency Between Independent Representations of Shared State
D			1259	Improper Restriction of Security Token Assignment
D			1265	Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
		R	1271	Uninitialized Value on Reset for Registers Holding Security Settings
		R	1275	Sensitive Cookie with Improper SameSite Attribute
D			1293	Missing Source Correlation of Multiple Independent Data
D			1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
D	N	R	1324	DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
		R	1329	Reliance on Component That is Not Updateable
D			1339	Insufficient Precision or Accuracy of a Real Number
D	N	R	1357	Reliance on Insufficiently Trustworthy Component
D			1364	ICS Communications: Zone Boundary Failures
D			1365	ICS Communications: Unreliability
D			1366	ICS Communications: Frail Security in Protocols
D		R	1367	ICS Dependencies (& Architecture): External Physical Systems
D		R	1368	ICS Dependencies (& Architecture): External Digital Systems
D		R	1369	ICS Supply Chain: IT/OT Convergence/Expansion
D		R	1370	ICS Supply Chain: Common Mode Frailties
D		R	1371	ICS Supply Chain: Poorly Documented or Undocumented Features
D			1372	ICS Supply Chain: OT Counterfeit and Malicious Corruption
D			1373	ICS Engineering (Construction/Deployment): Trust Model Problems
D			1374	ICS Engineering (Construction/Deployment): Maker Breaker Blindness
D		R	1375	ICS Engineering (Construction/Deployment): Gaps in Details/Data
D		R	1376	ICS Engineering (Construction/Deployment): Security Gaps in Commissioning
D			1377	ICS Engineering (Construction/Deployment): Inherent Predictability in Design
D			1378	ICS Operations (& Maintenance): Gaps in obligations and training
D			1379	ICS Operations (& Maintenance): Human factors in ICS environments
D			1380	ICS Operations (& Maintenance): Post-analysis changes
D			1381	ICS Operations (& Maintenance): Exploitable Standard Operational Procedures
D			1382	ICS Operations (& Maintenance): Emerging Energy Technologies
D			1383	ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements
		R	1384	Improper Handling of Physical or Environmental Conditions
D			1385	Missing Origin Validation in WebSockets
D			1386	Insecure Operation on Windows Junction / Mount Point
		R	1390	Weak Authentication
		R	1393	Use of Default Password

Detailed Difference Report

5	J2EE Misconfiguration: Data Transmission Without Encryption
	Major	Potential_Mitigations
	Minor	None
7	J2EE Misconfiguration: Missing Custom Error Page
	Major	Description
	Minor	None
9	J2EE Misconfiguration: Weak Access Permissions for EJB Methods
	Major	Description
	Minor	None
15	External Control of System or Configuration Setting
	Major	Applicable_Platforms, Related_Attack_Patterns, Relationships
	Minor	None
22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
	Major	Common_Consequences, Description, Detection_Factors
	Minor	None
23	Relative Path Traversal
	Major	Common_Consequences, Description
	Minor	None
24	Path Traversal: '../filedir'
	Major	Description
	Minor	None
25	Path Traversal: '/../filedir'
	Major	Description
	Minor	None
26	Path Traversal: '/dir/../filename'
	Major	Description
	Minor	None
27	Path Traversal: 'dir/../../filename'
	Major	Description
	Minor	None
28	Path Traversal: '..\filedir'
	Major	Description
	Minor	None
29	Path Traversal: '\..\filename'
	Major	Description
	Minor	None
30	Path Traversal: '\dir\..\filename'
	Major	Description
	Minor	None
31	Path Traversal: 'dir\..\..\filename'
	Major	Description
	Minor	None
32	Path Traversal: '...' (Triple Dot)
	Major	Description
	Minor	None
33	Path Traversal: '....' (Multiple Dot)
	Major	Description
	Minor	None
34	Path Traversal: '....//'
	Major	Description
	Minor	None
35	Path Traversal: '.../...//'
	Major	Description
	Minor	None
36	Absolute Path Traversal
	Major	Common_Consequences, Description
	Minor	None
37	Path Traversal: '/absolute/pathname/here'
	Major	Description
	Minor	None
38	Path Traversal: '\absolute\pathname\here'
	Major	Description
	Minor	None
39	Path Traversal: 'C:dirname'
	Major	Description
	Minor	None
40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
	Major	Description
	Minor	None
41	Improper Resolution of Path Equivalence
	Major	Description
	Minor	None
42	Path Equivalence: 'filename.' (Trailing Dot)
	Major	Description
	Minor	None
43	Path Equivalence: 'filename....' (Multiple Trailing Dot)
	Major	Description
	Minor	None
44	Path Equivalence: 'file.name' (Internal Dot)
	Major	Description
	Minor	None
45	Path Equivalence: 'file...name' (Multiple Internal Dot)
	Major	Description
	Minor	None
46	Path Equivalence: 'filename ' (Trailing Space)
	Major	Description
	Minor	None
47	Path Equivalence: ' filename' (Leading Space)
	Major	Description
	Minor	None
48	Path Equivalence: 'file name' (Internal Whitespace)
	Major	Description
	Minor	None
49	Path Equivalence: 'filename/' (Trailing Slash)
	Major	Description
	Minor	None
50	Path Equivalence: '//multiple/leading/slash'
	Major	Description
	Minor	None
51	Path Equivalence: '/multiple//internal/slash'
	Major	Description
	Minor	None
52	Path Equivalence: '/multiple/trailing/slash//'
	Major	Description
	Minor	None
53	Path Equivalence: '\multiple\\internal\backslash'
	Major	Description
	Minor	None
54	Path Equivalence: 'filedir\' (Trailing Backslash)
	Major	Description
	Minor	None
55	Path Equivalence: '/./' (Single Dot Directory)
	Major	Description
	Minor	None
56	*Path Equivalence: 'filedir' (Wildcard)**
	Major	Description
	Minor	None
57	Path Equivalence: 'fakedir/../realdir/filename'
	Major	Description
	Minor	None
58	Path Equivalence: Windows 8.3 Filename
	Major	Description
	Minor	None
59	Improper Link Resolution Before File Access ('Link Following')
	Major	Description
	Minor	None
61	UNIX Symbolic Link (Symlink) Following
	Major	Description
	Minor	None
62	UNIX Hard Link
	Major	Description
	Minor	None
64	Windows Shortcut Following (.LNK)
	Major	Description
	Minor	None
65	Windows Hard Link
	Major	Description
	Minor	None
67	Improper Handling of Windows Device Names
	Major	Description
	Minor	None
69	Improper Handling of Windows ::DATA Alternate Data Stream
	Major	Description
	Minor	None
72	Improper Handling of Apple HFS+ Alternate Data Stream Path
	Major	Description
	Minor	None
73	External Control of File Name or Path
	Major	Description, Detection_Factors, Potential_Mitigations
	Minor	None
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
	Major	Description
	Minor	None
75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
	Major	Description
	Minor	None
76	Improper Neutralization of Equivalent Special Elements
	Major	Description
	Minor	None
77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
	Major	Description, Potential_Mitigations
	Minor	None
78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	Major	Common_Consequences, Description
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	Alternate_Terms, Demonstrative_Examples, Description
	Minor	None
80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
	Major	Description
	Minor	None
81	Improper Neutralization of Script in an Error Message Web Page
	Major	Description
	Minor	None
83	Improper Neutralization of Script in Attributes in a Web Page
	Major	Description
	Minor	None
86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
	Major	Description
	Minor	None
87	Improper Neutralization of Alternate XSS Syntax
	Major	Description
	Minor	None
88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
	Major	Description, Potential_Mitigations
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Demonstrative_Examples, Description
	Minor	None
90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
	Major	Description
	Minor	None
91	XML Injection (aka Blind XPath Injection)
	Major	Description
	Minor	None
93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
	Major	Description
	Minor	None
94	Improper Control of Generation of Code ('Code Injection')
	Major	Demonstrative_Examples, Description, Potential_Mitigations, Relationships
	Minor	None
95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Demonstrative_Examples, Description
	Minor	None
96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
	Major	Description
	Minor	None
97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
	Major	Description
	Minor	None
98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
	Major	Description, Detection_Factors
	Minor	None
99	Improper Control of Resource Identifiers ('Resource Injection')
	Major	Description
	Minor	None
102	Struts: Duplicate Validation Forms
	Major	Demonstrative_Examples, Description
	Minor	None
103	Struts: Incomplete validate() Method Definition
	Major	Common_Consequences, Description
	Minor	None
105	Struts: Form Field Without Validator
	Major	Description, Modes_of_Introduction
	Minor	None
112	Missing XML Validation
	Major	Description
	Minor	None
113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
	Major	Description
	Minor	None
114	Process Control
	Major	Description, Maintenance_Notes, Related_Attack_Patterns
	Minor	None
115	Misinterpretation of Input
	Major	Description
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Description
	Minor	None
117	Improper Output Neutralization for Logs
	Major	Description
	Minor	None
118	Incorrect Access of Indexable Resource ('Range Error')
	Major	Description
	Minor	None
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
	Major	Alternate_Terms, Description
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	Common_Consequences, Description
	Minor	None
124	Buffer Underwrite ('Buffer Underflow')
	Major	Description
	Minor	None
125	Out-of-bounds Read
	Major	Description
	Minor	None
126	Buffer Over-read
	Major	Description
	Minor	None
127	Buffer Under-read
	Major	Description
	Minor	None
130	Improper Handling of Length Parameter Inconsistency
	Major	Description
	Minor	None
131	Incorrect Calculation of Buffer Size
	Major	Description
	Minor	None
134	Use of Externally-Controlled Format String
	Major	Description
	Minor	None
135	Incorrect Calculation of Multi-Byte String Length
	Major	Description
	Minor	None
138	Improper Neutralization of Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
140	Improper Neutralization of Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
141	Improper Neutralization of Parameter/Argument Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
142	Improper Neutralization of Value Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
143	Improper Neutralization of Record Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
144	Improper Neutralization of Line Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
145	Improper Neutralization of Section Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
146	Improper Neutralization of Expression/Command Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
147	Improper Neutralization of Input Terminators
	Major	Description, Potential_Mitigations
	Minor	None
148	Improper Neutralization of Input Leaders
	Major	Description, Potential_Mitigations
	Minor	None
149	Improper Neutralization of Quoting Syntax
	Major	Description, Potential_Mitigations
	Minor	None
150	Improper Neutralization of Escape, Meta, or Control Sequences
	Major	Description, Potential_Mitigations
	Minor	None
151	Improper Neutralization of Comment Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
152	Improper Neutralization of Macro Symbols
	Major	Description, Potential_Mitigations
	Minor	None
153	Improper Neutralization of Substitution Characters
	Major	Description, Potential_Mitigations
	Minor	None
154	Improper Neutralization of Variable Name Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
155	Improper Neutralization of Wildcards or Matching Symbols
	Major	Description, Potential_Mitigations
	Minor	None
156	Improper Neutralization of Whitespace
	Major	Description, Potential_Mitigations
	Minor	None
157	Failure to Sanitize Paired Delimiters
	Major	Description, Potential_Mitigations
	Minor	None
158	Improper Neutralization of Null Byte or NUL Character
	Major	Description, Potential_Mitigations
	Minor	None
160	Improper Neutralization of Leading Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
161	Improper Neutralization of Multiple Leading Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
162	Improper Neutralization of Trailing Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
163	Improper Neutralization of Multiple Trailing Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
164	Improper Neutralization of Internal Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
165	Improper Neutralization of Multiple Internal Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
166	Improper Handling of Missing Special Element
	Major	Description, Potential_Mitigations
	Minor	None
167	Improper Handling of Additional Special Element
	Major	Description, Potential_Mitigations
	Minor	None
168	Improper Handling of Inconsistent Special Elements
	Major	Description, Potential_Mitigations
	Minor	None
170	Improper Null Termination
	Major	Description
	Minor	None
172	Encoding Error
	Major	Description
	Minor	None
173	Improper Handling of Alternate Encoding
	Major	Description
	Minor	None
174	Double Decoding of the Same Data
	Major	Description
	Minor	None
175	Improper Handling of Mixed Encoding
	Major	Description
	Minor	None
176	Improper Handling of Unicode Encoding
	Major	Description
	Minor	None
177	Improper Handling of URL Encoding (Hex Encoding)
	Major	Description
	Minor	None
178	Improper Handling of Case Sensitivity
	Major	Description
	Minor	None
179	Incorrect Behavior Order: Early Validation
	Major	Description
	Minor	None
180	Incorrect Behavior Order: Validate Before Canonicalize
	Major	Description
	Minor	None
181	Incorrect Behavior Order: Validate Before Filter
	Major	Description
	Minor	None
182	Collapse of Data into Unsafe Value
	Major	Description
	Minor	None
185	Incorrect Regular Expression
	Major	Description
	Minor	None
187	Partial String Comparison
	Major	Description
	Minor	None
188	Reliance on Data/Memory Layout
	Major	Description
	Minor	None
190	Integer Overflow or Wraparound
	Major	Description, Detection_Factors
	Minor	None
194	Unexpected Sign Extension
	Major	Description
	Minor	None
195	Signed to Unsigned Conversion Error
	Major	Description
	Minor	None
196	Unsigned to Signed Conversion Error
	Major	Description
	Minor	None
198	Use of Incorrect Byte Ordering
	Major	Description
	Minor	None
204	Observable Response Discrepancy
	Major	Related_Attack_Patterns
	Minor	None
205	Observable Behavioral Discrepancy
	Major	Related_Attack_Patterns
	Minor	None
208	Observable Timing Discrepancy
	Major	Related_Attack_Patterns
	Minor	None
209	Generation of Error Message Containing Sensitive Information
	Major	Description
	Minor	None
210	Self-generated Error Message Containing Sensitive Information
	Major	Description
	Minor	None
211	Externally-Generated Error Message Containing Sensitive Information
	Major	Description
	Minor	None
212	Improper Removal of Sensitive Information Before Storage or Transfer
	Major	Description
	Minor	None
214	Invocation of Process Using Visible Sensitive Information
	Major	Description, Observed_Examples, Relationships
	Minor	None
215	Insertion of Sensitive Information Into Debugging Code
	Major	Description
	Minor	None
219	Storage of File with Sensitive Data Under Web Root
	Major	Description
	Minor	None
220	Storage of File With Sensitive Data Under FTP Root
	Major	Description
	Minor	None
221	Information Loss or Omission
	Major	Description
	Minor	None
222	Truncation of Security-relevant Information
	Major	Description
	Minor	None
223	Omission of Security-relevant Information
	Major	Description
	Minor	None
224	Obscured Security-relevant Information by Alternate Name
	Major	Description
	Minor	None
229	Improper Handling of Values
	Major	Description
	Minor	None
230	Improper Handling of Missing Values
	Major	Description
	Minor	None
231	Improper Handling of Extra Values
	Major	Description
	Minor	None
232	Improper Handling of Undefined Values
	Major	Description
	Minor	None
233	Improper Handling of Parameters
	Major	Description
	Minor	None
235	Improper Handling of Extra Parameters
	Major	Description
	Minor	None
236	Improper Handling of Undefined Parameters
	Major	Description
	Minor	None
237	Improper Handling of Structural Elements
	Major	Description
	Minor	None
238	Improper Handling of Incomplete Structural Elements
	Major	Description
	Minor	None
239	Failure to Handle Incomplete Element
	Major	Description
	Minor	None
240	Improper Handling of Inconsistent Structural Elements
	Major	Description
	Minor	None
241	Improper Handling of Unexpected Data Type
	Major	Description
	Minor	None
242	Use of Inherently Dangerous Function
	Major	Description
	Minor	None
243	Creation of chroot Jail Without Changing Working Directory
	Major	Description
	Minor	None
250	Execution with Unnecessary Privileges
	Major	Description, Maintenance_Notes, Taxonomy_Mappings
	Minor	None
252	Unchecked Return Value
	Major	Description
	Minor	None
253	Incorrect Check of Function Return Value
	Major	Description
	Minor	None
256	Plaintext Storage of a Password
	Major	Applicable_Platforms
	Minor	None
259	Use of Hard-coded Password
	Major	Applicable_Platforms, Description
	Minor	None
260	Password in Configuration File
	Major	Description
	Minor	None
261	Weak Encoding for Password
	Major	Relationships
	Minor	None
269	Improper Privilege Management
	Major	Description
	Minor	None
270	Privilege Context Switching Error
	Major	Description
	Minor	None
271	Privilege Dropping / Lowering Errors
	Major	Description
	Minor	None
273	Improper Check for Dropped Privileges
	Major	Description
	Minor	None
274	Improper Handling of Insufficient Privileges
	Major	Description, Relationships, Theoretical_Notes
	Minor	None
275	Permission Issues
	Major	Terminology_Notes
	Minor	None
276	Incorrect Default Permissions
	Major	Applicable_Platforms
	Minor	None
279	Incorrect Execution-Assigned Permissions
	Major	Description
	Minor	None
280	Improper Handling of Insufficient Permissions or Privileges
	Major	Description
	Minor	None
281	Improper Preservation of Permissions
	Major	Description
	Minor	None
282	Improper Ownership Management
	Major	Description
	Minor	None
283	Unverified Ownership
	Major	Description
	Minor	None
284	Improper Access Control
	Major	Applicable_Platforms, Description, Observed_Examples, Relationships
	Minor	None
285	Improper Authorization
	Major	Description, Potential_Mitigations
	Minor	None
286	Incorrect User Management
	Major	Description
	Minor	None
287	Improper Authentication
	Major	Description, Maintenance_Notes, Observed_Examples, Taxonomy_Mappings
	Minor	None
289	Authentication Bypass by Alternate Name
	Major	Description, Type
	Minor	None
290	Authentication Bypass by Spoofing
	Major	Description
	Minor	None
291	Reliance on IP Address for Authentication
	Major	Description
	Minor	None
294	Authentication Bypass by Capture-replay
	Major	Description, Related_Attack_Patterns
	Minor	None
295	Improper Certificate Validation
	Major	Description, Modes_of_Introduction
	Minor	None
296	Improper Following of a Certificate's Chain of Trust
	Major	Description, Modes_of_Introduction
	Minor	None
297	Improper Validation of Certificate with Host Mismatch
	Major	Applicable_Platforms, Description, Detection_Factors, Modes_of_Introduction
	Minor	None
299	Improper Check for Certificate Revocation
	Major	Demonstrative_Examples, Description, Modes_of_Introduction
	Minor	None
300	Channel Accessible by Non-Endpoint
	Major	Relationships
	Minor	None
301	Reflection Attack in an Authentication Protocol
	Major	Type
	Minor	None
302	Authentication Bypass by Assumed-Immutable Data
	Major	Type
	Minor	None
303	Incorrect Implementation of Authentication Algorithm
	Major	Description, Relationships
	Minor	None
304	Missing Critical Step in Authentication
	Major	Description, Relationships
	Minor	None
306	Missing Authentication for Critical Function
	Major	Related_Attack_Patterns, Relationships
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Description, Potential_Mitigations
	Minor	None
312	Cleartext Storage of Sensitive Information
	Major	Applicable_Platforms, Demonstrative_Examples, Description, References, Relationships
	Minor	None
313	Cleartext Storage in a File or on Disk
	Major	Description
	Minor	None
314	Cleartext Storage in the Registry
	Major	Description
	Minor	None
315	Cleartext Storage of Sensitive Information in a Cookie
	Major	Description
	Minor	None
316	Cleartext Storage of Sensitive Information in Memory
	Major	Description
	Minor	None
317	Cleartext Storage of Sensitive Information in GUI
	Major	Description
	Minor	None
318	Cleartext Storage of Sensitive Information in Executable
	Major	Description
	Minor	None
319	Cleartext Transmission of Sensitive Information
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
320	Key Management Errors
	Major	Maintenance_Notes
	Minor	None
321	Use of Hard-coded Cryptographic Key
	Major	Applicable_Platforms, Maintenance_Notes, Taxonomy_Mappings
	Minor	None
322	Key Exchange without Entity Authentication
	Major	Description, Relationships
	Minor	None
326	Inadequate Encryption Strength
	Major	Description, Relationships
	Minor	None
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	Applicable_Platforms, Background_Details, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
328	Use of Weak Hash
	Major	Applicable_Platforms
	Minor	None
329	Generation of Predictable IV with CBC Mode
	Major	Applicable_Platforms
	Minor	None
330	Use of Insufficiently Random Values
	Major	Common_Consequences, Description
	Minor	None
331	Insufficient Entropy
	Major	Description
	Minor	None
335	Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
	Major	Description
	Minor	None
343	Predictable Value Range from Previous Values
	Major	Description
	Minor	None
345	Insufficient Verification of Data Authenticity
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, References, Related_Attack_Patterns
	Minor	None
346	Origin Validation Error
	Major	Description, Type
	Minor	None
347	Improper Verification of Cryptographic Signature
	Major	Description
	Minor	None
348	Use of Less Trusted Source
	Major	Description
	Minor	None
349	Acceptance of Extraneous Untrusted Data With Trusted Data
	Major	Description
	Minor	None
350	Reliance on Reverse DNS Resolution for a Security-Critical Action
	Major	Description
	Minor	None
351	Insufficient Type Distinction
	Major	Description
	Minor	None
353	Missing Support for Integrity Check
	Major	Description
	Minor	None
354	Improper Validation of Integrity Check Value
	Major	Description
	Minor	None
356	Product UI does not Warn User of Unsafe Actions
	Major	Description
	Minor	None
358	Improperly Implemented Security Check for Standard
	Major	Description
	Minor	None
359	Exposure of Private Personal Information to an Unauthorized Actor
	Major	Related_Attack_Patterns
	Minor	None
362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
	Major	Applicable_Platforms, Common_Consequences, Description
	Minor	None
363	Race Condition Enabling Link Following
	Major	Description
	Minor	None
364	Signal Handler Race Condition
	Major	Description
	Minor	None
367	Time-of-check Time-of-use (TOCTOU) Race Condition
	Major	Description
	Minor	None
370	Missing Check for Certificate Revocation after Initial Check
	Major	Description
	Minor	None
372	Incomplete Internal State Distinction
	Major	Description
	Minor	None
374	Passing Mutable Objects to an Untrusted Method
	Major	Description
	Minor	None
377	Insecure Temporary File
	Major	Related_Attack_Patterns
	Minor	None
379	Creation of Temporary File in Directory with Insecure Permissions
	Major	Description
	Minor	None
390	Detection of Error Condition Without Action
	Major	Description, Potential_Mitigations
	Minor	None
392	Missing Report of Error Condition
	Major	Description
	Minor	None
393	Return of Wrong Status Code
	Major	Description
	Minor	None
394	Unexpected Status Code or Return Value
	Major	Description
	Minor	None
400	Uncontrolled Resource Consumption
	Major	Common_Consequences, Description, Detection_Factors, Maintenance_Notes, Related_Attack_Patterns, Taxonomy_Mappings
	Minor	None
401	Missing Release of Memory after Effective Lifetime
	Major	Common_Consequences, Description
	Minor	None
402	Transmission of Private Resources into a New Sphere ('Resource Leak')
	Major	Description
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Description, Detection_Factors
	Minor	None
405	Asymmetric Resource Consumption (Amplification)
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, References, Time_of_Introduction
	Minor	None
406	Insufficient Control of Network Message Volume (Network Amplification)
	Major	Description
	Minor	None
407	Inefficient Algorithmic Complexity
	Major	Demonstrative_Examples, Observed_Examples, References
	Minor	None
408	Incorrect Behavior Order: Early Amplification
	Major	Demonstrative_Examples, Description
	Minor	None
409	Improper Handling of Highly Compressed Data (Data Amplification)
	Major	Description
	Minor	None
410	Insufficient Resource Pool
	Major	Description
	Minor	None
412	Unrestricted Externally Accessible Lock
	Major	Description
	Minor	None
413	Improper Resource Locking
	Major	Description
	Minor	None
419	Unprotected Primary Channel
	Major	Description
	Minor	None
420	Unprotected Alternate Channel
	Major	Description
	Minor	None
422	Unprotected Windows Messaging Channel ('Shatter')
	Major	Description
	Minor	None
425	Direct Request ('Forced Browsing')
	Major	Observed_Examples, Related_Attack_Patterns
	Minor	None
426	Untrusted Search Path
	Major	Description
	Minor	None
427	Uncontrolled Search Path Element
	Major	Description, Observed_Examples, References
	Minor	None
432	Dangerous Signal Handler not Disabled During Sensitive Operations
	Major	Description
	Minor	None
433	Unparsed Raw Web Content Delivery
	Major	Description
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	Alternate_Terms, Description
	Minor	None
440	Expected Behavior Violation
	Major	Applicable_Platforms, Relationships
	Minor	None
446	UI Discrepancy for Security Feature
	Major	Description
	Minor	None
451	User Interface (UI) Misrepresentation of Critical Information
	Major	Description, Related_Attack_Patterns
	Minor	None
453	Insecure Default Variable Initialization
	Major	Description
	Minor	None
454	External Initialization of Trusted Variables or Data Stores
	Major	Description, Potential_Mitigations
	Minor	None
455	Non-exit on Failed Initialization
	Major	Description
	Minor	None
456	Missing Initialization of a Variable
	Major	Description
	Minor	None
459	Incomplete Cleanup
	Major	Description
	Minor	None
469	Use of Pointer Subtraction to Determine Size
	Major	Description
	Minor	None
470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
	Major	Common_Consequences, Demonstrative_Examples, Description, Related_Attack_Patterns, Relationships
	Minor	None
471	Modification of Assumed-Immutable Data (MAID)
	Major	Description
	Minor	None
479	Signal Handler Use of a Non-reentrant Function
	Major	Description
	Minor	None
480	Use of Incorrect Operator
	Major	Description, Observed_Examples
	Minor	None
484	Omitted Break Statement in Switch
	Major	Description, Detection_Factors
	Minor	None
486	Comparison of Classes by Name
	Major	Common_Consequences, Description
	Minor	None
489	Active Debug Code
	Major	Applicable_Platforms, Description, Relationships
	Minor	None
494	Download of Code Without Integrity Check
	Major	Related_Attack_Patterns
	Minor	None
497	Exposure of Sensitive System Information to an Unauthorized Control Sphere
	Major	Description, Relationships
	Minor	None
502	Deserialization of Untrusted Data
	Major	Description
	Minor	None
506	Embedded Malicious Code
	Major	Description, Related_Attack_Patterns
	Minor	None
507	Trojan Horse
	Major	Description, Potential_Mitigations
	Minor	None
508	Non-Replicating Malicious Code
	Major	Description
	Minor	None
509	Replicating Malicious Code (Virus or Worm)
	Major	Description
	Minor	None
511	Logic/Time Bomb
	Major	Description, Potential_Mitigations
	Minor	None
512	Spyware
	Major	Description, Potential_Mitigations
	Minor	None
522	Insufficiently Protected Credentials
	Major	Applicable_Platforms, Observed_Examples, Relationships
	Minor	None
526	Cleartext Storage of Sensitive Information in an Environment Variable
	Major	Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships
	Minor	None
543	Use of Singleton Pattern Without Synchronization in a Multithreaded Context
	Major	Description
	Minor	None
544	Missing Standardized Error Handling Mechanism
	Major	Description
	Minor	None
547	Use of Hard-coded, Security-relevant Constants
	Major	Description
	Minor	None
549	Missing Password Field Masking
	Major	Description
	Minor	None
552	Files or Directories Accessible to External Parties
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References
	Minor	None
558	Use of getlogin() in Multithreaded Application
	Major	Description
	Minor	None
561	Dead Code
	Major	Description
	Minor	None
565	Reliance on Cookies without Validation and Integrity Checking
	Major	Description
	Minor	None
566	Authorization Bypass Through User-Controlled SQL Primary Key
	Major	Description
	Minor	None
568	finalize() Method Without super.finalize()
	Major	Description
	Minor	None
570	Expression is Always False
	Major	Description
	Minor	None
571	Expression is Always True
	Major	Description
	Minor	None
572	Call to Thread run() instead of start()
	Major	Description
	Minor	None
573	Improper Following of Specification by Caller
	Major	Description
	Minor	None
574	EJB Bad Practices: Use of Synchronization Primitives
	Major	Description
	Minor	None
575	EJB Bad Practices: Use of AWT Swing
	Major	Description
	Minor	None
576	EJB Bad Practices: Use of Java I/O
	Major	Description
	Minor	None
577	EJB Bad Practices: Use of Sockets
	Major	Description
	Minor	None
578	EJB Bad Practices: Use of Class Loader
	Major	Description
	Minor	None
579	J2EE Bad Practices: Non-serializable Object Stored in Session
	Major	Description, Potential_Mitigations
	Minor	None
580	clone() Method Without super.clone()
	Major	Description
	Minor	None
581	Object Model Violation: Just One of Equals and Hashcode Defined
	Major	Description
	Minor	None
582	Array Declared Public, Final, and Static
	Major	Background_Details, Description
	Minor	None
583	finalize() Method Declared Public
	Major	Demonstrative_Examples, Description
	Minor	None
585	Empty Synchronized Block
	Major	Description
	Minor	None
586	Explicit Call to Finalize()
	Major	Description
	Minor	None
587	Assignment of a Fixed Address to a Pointer
	Major	Description
	Minor	None
589	Call to Non-ubiquitous API
	Major	Description
	Minor	None
590	Free of Memory not on the Heap
	Major	Description
	Minor	None
591	Sensitive Data Storage in Improperly Locked Memory
	Major	Description
	Minor	None
593	Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
	Major	Description
	Minor	None
595	Comparison of Object References Instead of Object Contents
	Major	Description
	Minor	None
599	Missing Validation of OpenSSL Certificate
	Major	Description
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Related_Attack_Patterns
	Minor	None
602	Client-Side Enforcement of Server-Side Security
	Major	Applicable_Platforms, Relationships, Type
	Minor	None
603	Use of Client-Side Authentication
	Major	Applicable_Platforms, Relationships
	Minor	None
609	Double-Checked Locking
	Major	Description
	Minor	None
611	Improper Restriction of XML External Entity Reference
	Major	Alternate_Terms, Common_Consequences, Description
	Minor	None
623	Unsafe ActiveX Control Marked Safe For Scripting
	Major	Relationships
	Minor	None
636	Not Failing Securely ('Failing Open')
	Major	Applicable_Platforms
	Minor	None
637	Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
	Major	Description
	Minor	None
638	Not Using Complete Mediation
	Major	Description, Relationships
	Minor	None
640	Weak Password Recovery Mechanism for Forgotten Password
	Major	Description
	Minor	None
641	Improper Restriction of Names for Files and Other Resources
	Major	Description
	Minor	None
642	External Control of Critical State Data
	Major	Description, Potential_Mitigations
	Minor	None
643	Improper Neutralization of Data within XPath Expressions ('XPath Injection')
	Major	Description
	Minor	None
644	Improper Neutralization of HTTP Headers for Scripting Syntax
	Major	Description
	Minor	None
645	Overly Restrictive Account Lockout Mechanism
	Major	Description
	Minor	None
646	Reliance on File Name or Extension of Externally-Supplied File
	Major	Description
	Minor	None
647	Use of Non-Canonical URL Paths for Authorization Decisions
	Major	Description
	Minor	None
648	Incorrect Use of Privileged APIs
	Major	Description
	Minor	None
649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
	Major	Common_Consequences, Description
	Minor	None
652	Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
	Major	Description
	Minor	None
655	Insufficient Psychological Acceptability
	Major	Description, Maintenance_Notes, Taxonomy_Mappings
	Minor	None
656	Reliance on Security Through Obscurity
	Major	Description
	Minor	None
657	Violation of Secure Design Principles
	Major	Maintenance_Notes, Relationships, Taxonomy_Mappings
	Minor	None
662	Improper Synchronization
	Major	Description
	Minor	None
663	Use of a Non-reentrant Function in a Concurrent Context
	Major	Description
	Minor	None
664	Improper Control of a Resource Through its Lifetime
	Major	Description, Relationships
	Minor	None
665	Improper Initialization
	Major	Description, Potential_Mitigations, Relationships
	Minor	None
666	Operation on Resource in Wrong Phase of Lifetime
	Major	Description
	Minor	None
667	Improper Locking
	Major	Description
	Minor	None
672	Operation on a Resource after Expiration or Release
	Major	Description
	Minor	None
674	Uncontrolled Recursion
	Major	Description, Relationships
	Minor	None
676	Use of Potentially Dangerous Function
	Major	Description
	Minor	None
682	Incorrect Calculation
	Major	Description, Potential_Mitigations
	Minor	None
683	Function Call With Incorrect Order of Arguments
	Major	Description, Potential_Mitigations
	Minor	None
684	Incorrect Provision of Specified Functionality
	Major	Description
	Minor	None
685	Function Call With Incorrect Number of Arguments
	Major	Description, Potential_Mitigations
	Minor	None
686	Function Call With Incorrect Argument Type
	Major	Description, Potential_Mitigations
	Minor	None
687	Function Call With Incorrectly Specified Argument Value
	Major	Description
	Minor	None
688	Function Call With Incorrect Variable or Reference as Argument
	Major	Description, Potential_Mitigations
	Minor	None
691	Insufficient Control Flow Management
	Major	Relationships
	Minor	None
693	Protection Mechanism Failure
	Major	Applicable_Platforms, Relationships
	Minor	None
694	Use of Multiple Resources with Duplicate Identifier
	Major	Description
	Minor	None
695	Use of Low-Level Functionality
	Major	Description
	Minor	None
697	Incorrect Comparison
	Major	Description, Observed_Examples
	Minor	None
703	Improper Check or Handling of Exceptional Conditions
	Major	Description, Relationships
	Minor	None
704	Incorrect Type Conversion or Cast
	Major	Description
	Minor	None
705	Incorrect Control Flow Scoping
	Major	Description
	Minor	None
706	Use of Incorrectly-Resolved Name or Reference
	Major	Description
	Minor	None
708	Incorrect Ownership Assignment
	Major	Description
	Minor	None
710	Improper Adherence to Coding Standards
	Major	Description
	Minor	None
732	Incorrect Permission Assignment for Critical Resource
	Major	Applicable_Platforms, Description, References
	Minor	None
749	Exposed Dangerous Method or Function
	Major	Description, Related_Attack_Patterns, Relationships
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Description, Potential_Mitigations
	Minor	None
755	Improper Handling of Exceptional Conditions
	Major	Description, Relationships
	Minor	None
756	Missing Custom Error Page
	Major	Description
	Minor	None
757	Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
	Major	Description
	Minor	None
758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
	Major	Description
	Minor	None
759	Use of a One-Way Hash without a Salt
	Major	Description
	Minor	None
760	Use of a One-Way Hash with a Predictable Salt
	Major	Description
	Minor	None
761	Free of Pointer not at Start of Buffer
	Major	Description
	Minor	None
762	Mismatched Memory Management Routines
	Major	Description
	Minor	None
763	Release of Invalid Pointer or Reference
	Major	Description
	Minor	None
764	Multiple Locks of a Critical Resource
	Major	Description
	Minor	None
765	Multiple Unlocks of a Critical Resource
	Major	Description, Potential_Mitigations
	Minor	None
766	Critical Data Element Declared Public
	Major	Description
	Minor	None
767	Access to Critical Private Variable via Public Method
	Major	Description
	Minor	None
768	Incorrect Short Circuit Evaluation
	Major	Common_Consequences, Description
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Description, Detection_Factors
	Minor	None
771	Missing Reference to Active Allocated Resource
	Major	Description
	Minor	None
772	Missing Release of Resource after Effective Lifetime
	Major	Description
	Minor	None
773	Missing Reference to Active File Descriptor or Handle
	Major	Description
	Minor	None
774	Allocation of File Descriptors or Handles Without Limits or Throttling
	Major	Description
	Minor	None
775	Missing Release of File Descriptor or Handle after Effective Lifetime
	Major	Description
	Minor	None
776	Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
	Major	Description
	Minor	None
777	Regular Expression without Anchors
	Major	Description
	Minor	None
778	Insufficient Logging
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References
	Minor	None
779	Logging of Excessive Data
	Major	Description, Potential_Mitigations
	Minor	None
780	Use of RSA Algorithm without OAEP
	Major	Description
	Minor	None
781	Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
	Major	Description
	Minor	None
782	Exposed IOCTL with Insufficient Access Control
	Major	Description
	Minor	None
783	Operator Precedence Logic Error
	Major	Description
	Minor	None
784	Reliance on Cookies without Validation and Integrity Checking in a Security Decision
	Major	Description
	Minor	None
785	Use of Path Manipulation Function without Maximum-sized Buffer
	Major	Description
	Minor	None
786	Access of Memory Location Before Start of Buffer
	Major	Description
	Minor	None
787	Out-of-bounds Write
	Major	Alternate_Terms, Demonstrative_Examples, Description
	Minor	None
788	Access of Memory Location After End of Buffer
	Major	Description
	Minor	None
790	Improper Filtering of Special Elements
	Major	Description
	Minor	None
791	Incomplete Filtering of Special Elements
	Major	Description
	Minor	None
792	Incomplete Filtering of One or More Instances of Special Elements
	Major	Description
	Minor	None
793	Only Filtering One Instance of a Special Element
	Major	Description
	Minor	None
794	Incomplete Filtering of Multiple Instances of Special Elements
	Major	Description
	Minor	None
795	Only Filtering Special Elements at a Specified Location
	Major	Description
	Minor	None
796	Only Filtering Special Elements Relative to a Marker
	Major	Description
	Minor	None
797	Only Filtering Special Elements at an Absolute Position
	Major	Description
	Minor	None
798	Use of Hard-coded Credentials
	Major	Description, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Taxonomy_Mappings
	Minor	None
799	Improper Control of Interaction Frequency
	Major	Description
	Minor	None
804	Guessable CAPTCHA
	Major	Description
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Description, Detection_Factors, Potential_Mitigations
	Minor	None
806	Buffer Access Using Size of Source Buffer
	Major	Description
	Minor	None
807	Reliance on Untrusted Inputs in a Security Decision
	Major	Description
	Minor	None
820	Missing Synchronization
	Major	Description
	Minor	None
821	Incorrect Synchronization
	Major	Description
	Minor	None
822	Untrusted Pointer Dereference
	Major	Common_Consequences, Description
	Minor	None
823	Use of Out-of-range Pointer Offset
	Major	Description
	Minor	None
824	Access of Uninitialized Pointer
	Major	Common_Consequences, Description
	Minor	None
825	Expired Pointer Dereference
	Major	Common_Consequences, Description
	Minor	None
826	Premature Release of Resource During Expected Lifetime
	Major	Common_Consequences, Description
	Minor	None
827	Improper Control of Document Type Definition
	Major	Description
	Minor	None
828	Signal Handler with Functionality that is not Asynchronous-Safe
	Major	Common_Consequences, Description, Potential_Mitigations
	Minor	None
829	Inclusion of Functionality from Untrusted Control Sphere
	Major	Description, Related_Attack_Patterns
	Minor	None
830	Inclusion of Web Functionality from an Untrusted Source
	Major	Description
	Minor	None
831	Signal Handler Function Associated with Multiple Signals
	Major	Common_Consequences, Description
	Minor	None
832	Unlock of a Resource that is not Locked
	Major	Common_Consequences, Description
	Minor	None
833	Deadlock
	Major	Description
	Minor	None
834	Excessive Iteration
	Major	Common_Consequences, Description, Relationships
	Minor	None
835	Loop with Unreachable Exit Condition ('Infinite Loop')
	Major	Description, Observed_Examples
	Minor	None
836	Use of Password Hash Instead of Password for Authentication
	Major	Description
	Minor	None
837	Improper Enforcement of a Single, Unique Action
	Major	Common_Consequences, Description
	Minor	None
838	Inappropriate Encoding for Output Context
	Major	Description
	Minor	None
839	Numeric Range Comparison Without Minimum Check
	Major	Alternate_Terms, Description
	Minor	None
841	Improper Enforcement of Behavioral Workflow
	Major	Common_Consequences, Description
	Minor	None
842	Placement of User into Incorrect Group
	Major	Description
	Minor	None
843	Access of Resource Using Incompatible Type ('Type Confusion')
	Major	Description
	Minor	None
862	Missing Authorization
	Major	Description, Potential_Mitigations
	Minor	None
863	Incorrect Authorization
	Major	Description, Potential_Mitigations
	Minor	None
908	Use of Uninitialized Resource
	Major	Description, Potential_Mitigations
	Minor	None
909	Missing Initialization of Resource
	Major	Description, Potential_Mitigations, Relationships
	Minor	None
910	Use of Expired File Descriptor
	Major	Description
	Minor	None
911	Improper Update of Reference Count
	Major	Description
	Minor	None
912	Hidden Functionality
	Major	Applicable_Platforms, Description, Potential_Mitigations
	Minor	None
913	Improper Control of Dynamically-Managed Code Resources
	Major	Description
	Minor	None
914	Improper Control of Dynamically-Identified Variables
	Major	Description
	Minor	None
915	Improperly Controlled Modification of Dynamically-Determined Object Attributes
	Major	Description, Observed_Examples
	Minor	None
916	Use of Password Hash With Insufficient Computational Effort
	Major	Description
	Minor	None
917	Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
	Major	Description
	Minor	None
920	Improper Restriction of Power Consumption
	Major	Description
	Minor	None
921	Storage of Sensitive Data in a Mechanism without Access Control
	Major	Description
	Minor	None
922	Insecure Storage of Sensitive Information
	Major	Description
	Minor	None
923	Improper Restriction of Communication Channel to Intended Endpoints
	Major	Description, Related_Attack_Patterns, Relationships
	Minor	None
924	Improper Enforcement of Message Integrity During Transmission in a Communication Channel
	Major	Description
	Minor	None
939	Improper Authorization in Handler for Custom URL Scheme
	Major	Description
	Minor	None
940	Improper Verification of Source of a Communication Channel
	Major	Description, Related_Attack_Patterns
	Minor	None
941	Incorrectly Specified Destination in a Communication Channel
	Major	Description
	Minor	None
942	Permissive Cross-domain Policy with Untrusted Domains
	Major	Description, Relationships
	Minor	None
943	Improper Neutralization of Special Elements in Data Query Logic
	Major	Description
	Minor	None
1004	Sensitive Cookie Without 'HttpOnly' Flag
	Major	Description
	Minor	None
1007	Insufficient Visual Distinction of Homoglyphs Presented to User
	Major	Demonstrative_Examples, Description, Related_Attack_Patterns
	Minor	None
1021	Improper Restriction of Rendered UI Layers or Frames
	Major	Related_Attack_Patterns
	Minor	None
1023	Incomplete Comparison with Missing Factors
	Major	Description
	Minor	None
1024	Comparison of Incompatible Types
	Major	Description
	Minor	None
1041	Use of Redundant Code
	Major	Description
	Minor	None
1042	Static Member Data Element outside of a Singleton Class Element
	Major	Description
	Minor	None
1043	Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
	Major	Description
	Minor	None
1044	Architecture with Number of Horizontal Layers Outside of Expected Range
	Major	Description
	Minor	None
1045	Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
	Major	Description
	Minor	None
1046	Creation of Immutable Text Using String Concatenation
	Major	Description
	Minor	None
1047	Modules with Circular Dependencies
	Major	Description
	Minor	None
1048	Invokable Control Element with Large Number of Outward Calls
	Major	Description
	Minor	None
1049	Excessive Data Query Operations in a Large Data Table
	Major	Description
	Minor	None
1050	Excessive Platform Resource Consumption within a Loop
	Major	Description
	Minor	None
1051	Initialization with Hard-Coded Network Resource Configuration Data
	Major	Description
	Minor	None
1052	Excessive Use of Hard-Coded Literals in Initialization
	Major	Description
	Minor	None
1054	Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
	Major	Description
	Minor	None
1055	Multiple Inheritance from Concrete Classes
	Major	Description
	Minor	None
1056	Invokable Control Element with Variadic Parameters
	Major	Description
	Minor	None
1057	Data Access Operations Outside of Expected Data Manager Component
	Major	Description
	Minor	None
1058	Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
	Major	Description
	Minor	None
1059	Insufficient Technical Documentation
	Major	Applicable_Platforms, Relationships
	Minor	None
1060	Excessive Number of Inefficient Server-Side Data Accesses
	Major	Description
	Minor	None
1061	Insufficient Encapsulation
	Major	Description
	Minor	None
1062	Parent Class with References to Child Class
	Major	Description
	Minor	None
1063	Creation of Class Instance within a Static Code Block
	Major	Description
	Minor	None
1064	Invokable Control Element with Signature Containing an Excessive Number of Parameters
	Major	Description
	Minor	None
1065	Runtime Resource Management Control Element in a Component Built to Run on Application Servers
	Major	Description
	Minor	None
1066	Missing Serialization Control Element
	Major	Description
	Minor	None
1067	Excessive Execution of Sequential Searches of Data Resource
	Major	Description
	Minor	None
1068	Inconsistency Between Implementation and Documented Design
	Major	Applicable_Platforms, Description, Relationships
	Minor	None
1069	Empty Exception Block
	Major	Description
	Minor	None
1070	Serializable Data Element Containing non-Serializable Item Elements
	Major	Description
	Minor	None
1072	Data Resource Access without Use of Connection Pooling
	Major	Description
	Minor	None
1073	Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
	Major	Description
	Minor	None
1074	Class with Excessively Deep Inheritance
	Major	Description
	Minor	None
1075	Unconditional Control Flow Transfer outside of Switch Block
	Major	Description
	Minor	None
1076	Insufficient Adherence to Expected Conventions
	Major	Description
	Minor	None
1077	Floating Point Comparison with Incorrect Operator
	Major	Description
	Minor	None
1079	Parent Class without Virtual Destructor Method
	Major	Description
	Minor	None
1080	Source Code File with Excessive Number of Lines of Code
	Major	Description
	Minor	None
1082	Class Instance Self Destruction Control Element
	Major	Description
	Minor	None
1083	Data Access from Outside Expected Data Manager Component
	Major	Description
	Minor	None
1084	Invokable Control Element with Excessive File or Data Access Operations
	Major	Description
	Minor	None
1085	Invokable Control Element with Excessive Volume of Commented-out Code
	Major	Description
	Minor	None
1087	Class with Virtual Method without a Virtual Destructor
	Major	Description
	Minor	None
1088	Synchronous Access of Remote Resource without Timeout
	Major	Description
	Minor	None
1089	Large Data Table with Excessive Number of Indices
	Major	Description
	Minor	None
1090	Method Containing Access of a Member Element from Another Class
	Major	Description
	Minor	None
1091	Use of Object without Invoking Destructor Method
	Major	Description
	Minor	None
1092	Use of Same Invokable Control Element in Multiple Architectural Layers
	Major	Description
	Minor	None
1093	Excessively Complex Data Representation
	Major	Description
	Minor	None
1094	Excessive Index Range Scan for a Data Resource
	Major	Description
	Minor	None
1095	Loop Condition Value Update within the Loop
	Major	Description
	Minor	None
1096	Singleton Class Instance Creation without Proper Locking or Synchronization
	Major	Description
	Minor	None
1097	Persistent Storable Data Element without Associated Comparison Control Element
	Major	Description
	Minor	None
1098	Data Element containing Pointer Item without Proper Copy Control Element
	Major	Description
	Minor	None
1099	Inconsistent Naming Conventions for Identifiers
	Major	Description
	Minor	None
1100	Insufficient Isolation of System-Dependent Functions
	Major	Description
	Minor	None
1101	Reliance on Runtime Component in Generated Code
	Major	Description
	Minor	None
1102	Reliance on Machine-Dependent Data Representation
	Major	Description
	Minor	None
1103	Use of Platform-Dependent Third Party Components
	Major	Description
	Minor	None
1104	Use of Unmaintained Third Party Components
	Major	Applicable_Platforms, Description, Relationships
	Minor	None
1105	Insufficient Encapsulation of Machine-Dependent Functionality
	Major	Description
	Minor	None
1106	Insufficient Use of Symbolic Constants
	Major	Description
	Minor	None
1107	Insufficient Isolation of Symbolic Constant Definitions
	Major	Description
	Minor	None
1108	Excessive Reliance on Global Variables
	Major	Description
	Minor	None
1109	Use of Same Variable for Multiple Purposes
	Major	Description
	Minor	None
1110	Incomplete Design Documentation
	Major	Applicable_Platforms, Relationships
	Minor	None
1113	Inappropriate Comment Style
	Major	Description
	Minor	None
1114	Inappropriate Whitespace Style
	Major	Description
	Minor	None
1115	Source Code Element without Standard Prologue
	Major	Description
	Minor	None
1116	Inaccurate Comments
	Major	Description
	Minor	None
1117	Callable with Insufficient Behavioral Summary
	Major	Description
	Minor	None
1119	Excessive Use of Unconditional Branching
	Major	Description
	Minor	None
1120	Excessive Code Complexity
	Major	Description
	Minor	None
1121	Excessive McCabe Cyclomatic Complexity
	Major	Description
	Minor	None
1122	Excessive Halstead Complexity
	Major	Description
	Minor	None
1123	Excessive Use of Self-Modifying Code
	Major	Description
	Minor	None
1124	Excessively Deep Nesting
	Major	Description
	Minor	None
1126	Declaration of Variable with Unnecessarily Wide Scope
	Major	Description
	Minor	None
1127	Compilation with Insufficient Warnings or Errors
	Major	Description
	Minor	None
1164	Irrelevant Code
	Major	Description
	Minor	None
1173	Improper Use of Validation Framework
	Major	Description
	Minor	None
1176	Inefficient CPU Computation
	Major	Description
	Minor	None
1177	Use of Prohibited Code
	Major	Description
	Minor	None
1188	Insecure Default Initialization of Resource
	Major	Description
	Minor	None
1198	Privilege Separation and Access Control Issues
	Major	Relationships
	Minor	None
1199	General Circuit and Logic Design Concerns
	Major	Relationships
	Minor	None
1206	Power, Clock, Thermal, and Reset Concerns
	Major	Relationships
	Minor	None
1207	Debug and Test Problems
	Major	Relationships
	Minor	None
1208	Cross-Cutting Problems
	Major	Relationships
	Minor	None
1209	Failure to Disable Reserved Bits
	Major	Demonstrative_Examples
	Minor	None
1222	Insufficient Granularity of Address Regions Protected by Register Locks
	Major	Relationships
	Minor	None
1236	Improper Neutralization of Formula Elements in a CSV File
	Major	Description
	Minor	None
1242	Inclusion of Undocumented Features or Chicken Bits
	Major	Applicable_Platforms
	Minor	None
1247	Improper Protection Against Voltage and Clock Glitches
	Major	Applicable_Platforms, Related_Attack_Patterns, Relationships
	Minor	None
1248	Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
	Major	Related_Attack_Patterns, Relationships
	Minor	None
1249	Application-Level Admin Tool with Inconsistent View of Underlying Operating System
	Major	Description
	Minor	None
1250	Improper Preservation of Consistency Between Independent Representations of Shared State
	Major	Relationships
	Minor	None
1256	Improper Restriction of Software Interfaces to Hardware Features
	Major	Related_Attack_Patterns
	Minor	None
1257	Improper Access Control Applied to Mirrored or Aliased Memory Regions
	Major	Related_Attack_Patterns
	Minor	None
1259	Improper Restriction of Security Token Assignment
	Major	Description
	Minor	None
1260	Improper Handling of Overlap Between Protected Memory Ranges
	Major	Related_Attack_Patterns
	Minor	None
1265	Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
	Major	Description
	Minor	None
1266	Improper Scrubbing of Sensitive Data from Decommissioned Device
	Major	Related_Attack_Patterns
	Minor	None
1268	Policy Privileges are not Assigned Consistently Between Control and Data Agents
	Major	Demonstrative_Examples
	Minor	None
1271	Uninitialized Value on Reset for Registers Holding Security Settings
	Major	Relationships
	Minor	None
1274	Improper Access Control for Volatile Memory Containing Boot Code
	Major	Related_Attack_Patterns
	Minor	None
1275	Sensitive Cookie with Improper SameSite Attribute
	Major	Relationships
	Minor	None
1278	Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
	Major	Related_Attack_Patterns
	Minor	None
1282	Assumed-Immutable Data is Stored in Writable Memory
	Major	Related_Attack_Patterns
	Minor	None
1290	Incorrect Decoding of Security Identifiers
	Major	Demonstrative_Examples
	Minor	None
1293	Missing Source Correlation of Multiple Independent Data
	Major	Description
	Minor	None
1296	Incorrect Chaining or Granularity of Debug Components
	Major	Related_Attack_Patterns
	Minor	None
1297	Unprotected Confidential Information on Device is Accessible by OSAT Vendors
	Major	Maintenance_Notes
	Minor	None
1299	Missing Protection Mechanism for Alternate Hardware Interface
	Major	Related_Attack_Patterns
	Minor	None
1300	Improper Protection of Physical Side Channels
	Major	Related_Attack_Patterns
	Minor	None
1312	Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
	Major	Related_Attack_Patterns
	Minor	None
1316	Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
	Major	Related_Attack_Patterns
	Minor	None
1319	Improper Protection against Electromagnetic Fault Injection (EM-FI)
	Major	Related_Attack_Patterns
	Minor	None
1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
	Major	Description
	Minor	None
1324	DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships, Time_of_Introduction, Type
	Minor	None
1329	Reliance on Component That is Not Updateable
	Major	Applicable_Platforms, Relationships
	Minor	Description
1332	Improper Handling of Faults that Lead to Instruction Skips
	Major	Potential_Mitigations, Related_Attack_Patterns
	Minor	None
1333	Inefficient Regular Expression Complexity
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
1334	Unauthorized Error Injection Can Degrade Hardware Redundancy
	Major	Related_Attack_Patterns
	Minor	None
1338	Improper Protections Against Hardware Overheating
	Major	Applicable_Platforms, Related_Attack_Patterns
	Minor	None
1339	Insufficient Precision or Accuracy of a Real Number
	Major	Common_Consequences, Description, Potential_Mitigations
	Minor	None
1351	Improper Handling of Hardware Behavior in Exceptionally Cold Environments
	Major	Related_Attack_Patterns
	Minor	None
1357	Reliance on Insufficiently Trustworthy Component
	Major	Applicable_Platforms, Description, Maintenance_Notes, Modes_of_Introduction, Name, Potential_Mitigations, Relationships
	Minor	None
1358	Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS
	Major	Maintenance_Notes, Relationship_Notes
	Minor	None
1359	ICS Communications
	Major	Maintenance_Notes, Relationship_Notes
	Minor	None
1360	ICS Dependencies (& Architecture)
	Major	Maintenance_Notes, Relationship_Notes
	Minor	None
1361	ICS Supply Chain
	Major	Maintenance_Notes, Relationship_Notes
	Minor	None
1362	ICS Engineering (Constructions/Deployment)
	Major	Maintenance_Notes, Relationship_Notes
	Minor	None
1363	ICS Operations (& Maintenance)
	Major	Maintenance_Notes, Relationship_Notes
	Minor	None
1364	ICS Communications: Zone Boundary Failures
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1365	ICS Communications: Unreliability
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1366	ICS Communications: Frail Security in Protocols
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1367	ICS Dependencies (& Architecture): External Physical Systems
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1368	ICS Dependencies (& Architecture): External Digital Systems
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1369	ICS Supply Chain: IT/OT Convergence/Expansion
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1370	ICS Supply Chain: Common Mode Frailties
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1371	ICS Supply Chain: Poorly Documented or Undocumented Features
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1372	ICS Supply Chain: OT Counterfeit and Malicious Corruption
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1373	ICS Engineering (Construction/Deployment): Trust Model Problems
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1374	ICS Engineering (Construction/Deployment): Maker Breaker Blindness
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1375	ICS Engineering (Construction/Deployment): Gaps in Details/Data
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1376	ICS Engineering (Construction/Deployment): Security Gaps in Commissioning
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships
	Minor	None
1377	ICS Engineering (Construction/Deployment): Inherent Predictability in Design
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1378	ICS Operations (& Maintenance): Gaps in obligations and training
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1379	ICS Operations (& Maintenance): Human factors in ICS environments
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1380	ICS Operations (& Maintenance): Post-analysis changes
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1381	ICS Operations (& Maintenance): Exploitable Standard Operational Procedures
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1382	ICS Operations (& Maintenance): Emerging Energy Technologies
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1383	ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements
	Major	Description, Maintenance_Notes, Relationship_Notes
	Minor	None
1384	Improper Handling of Physical or Environmental Conditions
	Major	Applicable_Platforms, Relationships
	Minor	None
1385	Missing Origin Validation in WebSockets
	Major	Description
	Minor	None
1386	Insecure Operation on Windows Junction / Mount Point
	Major	Description, Potential_Mitigations
	Minor	None
1390	Weak Authentication
	Major	Applicable_Platforms, Demonstrative_Examples, Observed_Examples, References, Relationships
	Minor	None
1391	Use of Weak Credentials
	Major	Applicable_Platforms, Demonstrative_Examples, Observed_Examples, References
	Minor	None
1392	Use of Default Credentials
	Major	Applicable_Platforms, Demonstrative_Examples, Observed_Examples, References
	Minor	None
1393	Use of Default Password
	Major	Applicable_Platforms, Demonstrative_Examples, Observed_Examples, References, Relationships
	Minor	None

Page Last Updated: January 31, 2023


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration