CWEs that violate the Auto-Update CWE Top 25 standard

This table lists all the CWEs that may cause an application to not pass a policy that includes the Auto-Update CWE Top 25 policy rule.

CWE ID	CWE name	Static support	Dynamic support	Veracode severity
20	Improper Input Validation	X		0 - Informational
22	Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)	X	X	3 - Medium
23	Relative Path Traversal
73	External Control of File Name or Path	X		3 - Medium
77	Improper Neutralization of Special Elements used in a Command ('Command Injection')	X		5 - Very High
78	Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)	X	X	5 - Very High
79	Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)	X	X	3 - Medium
80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	X	X	3 - Medium
81	Improper Neutralization of Script in an Error Message Web Page			3 - Medium
83	Improper Neutralization of Script in Attributes in a Web Page		X	3 - Medium
86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages	X		3 - Medium
89	Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)	X	X	4 - High
90	Improper Neutralization of Special Elements used in an LDAP Query (LDAP Injection)	X		3 - Medium
91	XML Injection (aka Blind XPath Injection)	X	X	3 - Medium
94	Improper Control of Generation of Code (Code Injection)	X		3 - Medium
95	Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)	X	X	5 - Very High
98	Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion)	X	X	4 - High
103	Struts: Incomplete validate() Method Definition	X		3 - Medium
104	Struts: Form Bean Does Not Extend Validation Class	X		3 - Medium
112	Missing XML Validation	X		3 - Medium
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
120	Buffer Copy without Checking Size of Input (Classic Buffer Overflow)			5 - Very High
121	Stack-based Buffer Overflow	X		5 - Very High
125	Out-of-bounds Read	X		3 - Medium
131	Incorrect Calculation of Buffer Size
135	Incorrect Calculation of Multi-Byte String Length	X		5 - Very High
185	Incorrect Regular Expression	X		2 - Low
190	Integer Overflow or Wraparound	X		5 - Very High
259	Use of Hard-coded Password	X	X	3 - Medium
276	Incorrect Default Permissions			3 - Medium
287	Improper Authentication	X	X	4 - High
306	Missing Authentication for Critical Function			3 - Medium
321	Use of Hard-coded Cryptographic Key	X	X	3 - Medium
352	Cross-Site Request Forgery (CSRF)	X	X	3 - Medium
362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
366	Race Condition within a Thread	X		3 - Medium
367	Time-of-check Time-of-use (TOCTOU) Race Condition	X		3 - Medium
400	Uncontrolled Resource Consumption			2 - Low
416	Use After Free	X		2 - Low
434	Unrestricted Upload of File with Dangerous Type		X	4 - High
470	Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)	X		3 - Medium
476	NULL Pointer Dereference
502	Deserialization of Untrusted Data	X		3 - Medium
564	SQL Injection: Hibernate	X		4 - High
601	URL Redirection to Untrusted Site (Open Redirect)	X	X	3 - Medium
611	Improper Restriction of XML External Entity Reference	X	X	3 - Medium
618	Exposed Unsafe ActiveX Method	X		5 - Very High
693	Protection Mechanism Failure	X	X	3 - Medium
787	Out-of-bounds Write	X		3 - Medium
798	Use of Hard-coded Credentials	X		3 - Medium
830	Inclusion of Web Functionality from an Untrusted Source		X	2 - Low
862	Missing Authorization
915	Improperly Controlled Modification of Dynamically-Determined Object Attributes	X		3 - Medium
918	Server-Side Request Forgery (SSRF)	X	X	3 - Medium
1174	ASP.NET Misconfiguration: Improper Model Validation	X		2 - Low