CWEs that violate the OWASP Mobile standard

This table lists all the CWEs that may cause an application to not pass a policy that includes an OWASP Mobile policy rule.

| CWE ID | CWE name | Static support | Veracode severity |
|---|---|---|---|
| 15 | External Control of System or Configuration Setting | X | 4 - High |
| 73 | External Control of File Name or Path | X | 3 - Medium |
| 77 | Improper Neutralization of Special Elements in a Command | X | 5 - Very High |
| 78 | Improper Neutralization of Special Elements in an OS Command | X | 5 - Very High |
| 80 | Improper Neutralization of Script Related HTML Tags | X | 3 - Medium |
| 88 | Improper Neutralization of Argument Delimiters | X | 3 - Medium |
| 89 | Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) | X | 4 - High |
| 114 | Process Control | X | 5 - Very High |
| 183 | Permissive List of Allowed Inputs | X | 3 - Medium |
| 201 | Information Exposure Through Sent Data | X | 2 - Low |
| 209 | Information Exposure Through an Error Message | X | 2 - Low |
| 215 | Information Exposure Through Debug Information | X | 2 - Low |
| 242 | Use of Inherently Dangerous Function | X | 5 - Very High |
| 252 | Unchecked Return Value | X | 2 - Low |
| 256 | Unprotected Storage of Credentials | X | 3 - Medium |
| 259 | Use of Hard-coded Password | X | 3 - Medium |
| 287 | Improper Authentication | X | 4 - High |
| 296 | Improper Following of a Certificate's Chain of Trust | | 3 - Medium |
| 297 | Improper Validation of Certificate with Host Mismatch | X | 3 - Medium |
| 311 | Missing Encryption of Sensitive Data | X | 3 - Medium |
| 312 | Cleartext Storage of Sensitive Information | X | 3 - Medium |
| 313 | Cleartext Storage in a File or on Disk | X | 3 - Medium |
| 316 | Cleartext Storage of Sensitive Information in Memory | X | 3 - Medium |
| 319 | Cleartext Transmission of Sensitive Information | X | 3 - Medium |
| 321 | Use of Hard-coded Cryptographic Key | X | 3 - Medium |
| 326 | Inadequate Encryption Strength | X | 3 - Medium |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | X | 3 - Medium |
| 329 | Not Using a Random IV with CBC Mode | X | 2 - Low |
| 331 | Insufficient Entropy | X | 3 - Medium |
| 345 | Insufficient Verification of Data Authenticity | X | 4 - High |
| 347 | Improper Verification of Cryptographic Signature | X | 2 - Low |
| 354 | Improper Validation of Integrity Check Value | X | 3 - Medium |
| 377 | Insecure Temporary File | X | 3 - Medium |
| 378 | Creation of Temporary File With Insecure Permissions | | 3 - Medium |
| 404 | Improper Resource Shutdown | X | 0 - Informational |
| 415 | Double Free | X | 3 - Medium |
| 416 | Use After Free | X | 2 - Low |
| 470 | Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) | X | 3 - Medium |
| 489 | Leftover Debug Code | X | 3 - Medium |
| 497 | Exposure of System Data to an Unauthorized Control Sphere | X | 2 - Low |
| 501 | Trust Boundary Violation | X | 3 - Medium |
| 506 | Embedded Malicious Code | X | 4 - High |
| 511 | Logic/Time Bomb | X | 5 - Very High |
| 514 | Covert Channel | X | 2 - Low |
| 522 | Insufficiently Protected Credentials | X | 3 - Medium |
| 601 | URL Redirection to Untrusted Site | X | 3 - Medium |
| 614 | Sensitive Cookie without Secure Attribute | X | 2 - Low |
| 676 | Use of Potentially Dangerous Function | X | 3 - Medium |
| 693 | Protection Mechanism Failure | X | 3 - Medium |
| 732 | Incorrect Permission Assignment for Critical Resource | X | 3 - Medium |
| 757 | Selection of Less Secure Algorithm During Negotiation | X | 3 - Medium |
| 798 | Use of Hard-coded Credentials | X | 3 - Medium |