| HasMember |  Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 7 | J2EE Misconfiguration: Missing Custom Error Page |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 8 | J2EE Misconfiguration: Entity Bean Declared Remote |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 13 | ASP.NET Misconfiguration: Password in Configuration File |
| HasMember |  Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 20 | Improper Input Validation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 24 | Path Traversal: '../filedir' |
| HasMember |  Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 36 | Absolute Path Traversal |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 66 | Improper Handling of File Names that Identify Virtual Resources |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 67 | Improper Handling of Windows Device Names |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 69 | Improper Handling of Windows ::DATA Alternate Data Stream |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 72 | Improper Handling of Apple HFS+ Alternate Data Stream Path |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 73 | External Control of File Name or Path |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 76 | Improper Neutralization of Equivalent Special Elements |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 84 | Improper Neutralization of Encoded URI Schemes in a Web Page |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 88 | Argument Injection or Modification |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 91 | XML Injection (aka Blind XPath Injection) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 99 | Improper Control of Resource Identifiers ('Resource Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 115 | Misinterpretation of Input |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 116 | Improper Encoding or Escaping of Output |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 118 | Incorrect Access of Indexable Resource ('Range Error') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 121 | Stack-based Buffer Overflow |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 122 | Heap-based Buffer Overflow |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 124 | Buffer Underwrite ('Buffer Underflow') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 130 | Improper Handling of Length Parameter Inconsistency |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 184 | Incomplete Blacklist |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 188 | Reliance on Data/Memory Layout |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 198 | Use of Incorrect Byte Ordering |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 200 | Information Exposure |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 202 | Exposure of Sensitive Data Through Data Queries |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 203 | Information Exposure Through Discrepancy |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 204 | Response Discrepancy Information Exposure |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 205 | Information Exposure Through Behavioral Discrepancy |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 206 | Information Exposure of Internal State Through Behavioral Inconsistency |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 207 | Information Exposure Through an External Behavioral Inconsistency |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 208 | Information Exposure Through Timing Discrepancy |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 209 | Information Exposure Through an Error Message |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 210 | Information Exposure Through Self-generated Error Message |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 211 | Information Exposure Through Externally-Generated Error Message |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 212 | Improper Cross-boundary Removal of Sensitive Data |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 213 | Intentional Information Exposure |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 214 | Information Exposure Through Process Environment |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 215 | Information Exposure Through Debug Information |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 216 | Containment Errors (Container Errors) |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 220 | Sensitive Data Under FTP Root |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 221 | Information Loss or Omission |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 222 | Truncation of Security-relevant Information |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 223 | Omission of Security-relevant Information |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 224 | Obscured Security-relevant Information by Alternate Name |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 226 | Sensitive Information Uncleared Before Release |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 228 | Improper Handling of Syntactically Invalid Structure |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 229 | Improper Handling of Values |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 232 | Improper Handling of Undefined Values |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 233 | Improper Handling of Parameters |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 234 | Failure to Handle Missing Parameter |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 236 | Improper Handling of Undefined Parameters |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 238 | Improper Handling of Incomplete Structural Elements |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 239 | Failure to Handle Incomplete Element |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 240 | Improper Handling of Inconsistent Structural Elements |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 241 | Improper Handling of Unexpected Data Type |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 245 | J2EE Bad Practices: Direct Management of Connections |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 246 | J2EE Bad Practices: Direct Use of Sockets |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 250 | Execution with Unnecessary Privileges |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 256 | Unprotected Storage of Credentials |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 257 | Storing Passwords in a Recoverable Format |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 258 | Empty Password in Configuration File |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 259 | Use of Hard-coded Password |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 260 | Password in Configuration File |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 261 | Weak Cryptography for Passwords |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 262 | Not Using Password Aging |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 263 | Password Aging with Long Expiration |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 266 | Incorrect Privilege Assignment |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 267 | Privilege Defined With Unsafe Actions |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 268 | Privilege Chaining |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 269 | Improper Privilege Management |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 270 | Privilege Context Switching Error |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 271 | Privilege Dropping / Lowering Errors |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 272 | Least Privilege Violation |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 273 | Improper Check for Dropped Privileges |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 274 | Improper Handling of Insufficient Privileges |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 276 | Incorrect Default Permissions |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 277 | Insecure Inherited Permissions |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 278 | Insecure Preserved Inherited Permissions |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 279 | Incorrect Execution-Assigned Permissions |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 280 | Improper Handling of Insufficient Permissions or Privileges |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 281 | Improper Preservation of Permissions |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 282 | Improper Ownership Management |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 283 | Unverified Ownership |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 284 | Improper Access Control |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 285 | Improper Authorization |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 286 | Incorrect User Management |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 287 | Improper Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 288 | Authentication Bypass Using an Alternate Path or Channel |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 289 | Authentication Bypass by Alternate Name |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 290 | Authentication Bypass by Spoofing |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 291 | Reliance on IP Address for Authentication |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 293 | Using Referer Field for Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 294 | Authentication Bypass by Capture-replay |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 295 | Improper Certificate Validation |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 296 | Improper Following of a Certificate's Chain of Trust |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 297 | Improper Validation of Certificate with Host Mismatch |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 298 | Improper Validation of Certificate Expiration |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 299 | Improper Check for Certificate Revocation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 301 | Reflection Attack in an Authentication Protocol |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 302 | Authentication Bypass by Assumed-Immutable Data |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 304 | Missing Critical Step in Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 305 | Authentication Bypass by Primary Weakness |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 306 | Missing Authentication for Critical Function |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 307 | Improper Restriction of Excessive Authentication Attempts |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 308 | Use of Single-factor Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 309 | Use of Password System for Primary Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 311 | Missing Encryption of Sensitive Data |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 312 | Cleartext Storage of Sensitive Information |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 313 | Cleartext Storage in a File or on Disk |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 314 | Cleartext Storage in the Registry |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 315 | Cleartext Storage of Sensitive Information in a Cookie |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 316 | Cleartext Storage of Sensitive Information in Memory |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 317 | Cleartext Storage of Sensitive Information in GUI |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 318 | Cleartext Storage of Sensitive Information in Executable |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 319 | Cleartext Transmission of Sensitive Information |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 321 | Use of Hard-coded Cryptographic Key |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 322 | Key Exchange without Entity Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 323 | Reusing a Nonce, Key Pair in Encryption |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 324 | Use of a Key Past its Expiration Date |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 325 | Missing Required Cryptographic Step |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 326 | Inadequate Encryption Strength |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 328 | Reversible One-Way Hash |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 329 | Not Using a Random IV with CBC Mode |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 330 | Use of Insufficiently Random Values |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 331 | Insufficient Entropy |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 332 | Insufficient Entropy in PRNG |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 333 | Improper Handling of Insufficient Entropy in TRNG |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 334 | Small Space of Random Values |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 336 | Same Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 339 | Small Seed Space in PRNG |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 340 | Predictability Problems |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 341 | Predictable from Observable State |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 342 | Predictable Exact Value from Previous Values |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 343 | Predictable Value Range from Previous Values |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 344 | Use of Invariant Value in Dynamically Changing Context |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 346 | Origin Validation Error |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 347 | Improper Verification of Cryptographic Signature |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 348 | Use of Less Trusted Source |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 350 | Reliance on Reverse DNS Resolution for a Security-Critical Action |
| HasMember |  Composite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 353 | Missing Support for Integrity Check |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 354 | Improper Validation of Integrity Check Value |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 356 | Product UI does not Warn User of Unsafe Actions |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 357 | Insufficient UI Warning of Dangerous Operations |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 358 | Improperly Implemented Security Check for Standard |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 359 | Exposure of Private Information ('Privacy Violation') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 360 | Trust of System Event Data |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 363 | Race Condition Enabling Link Following |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 364 | Signal Handler Race Condition |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 366 | Race Condition within a Thread |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 368 | Context Switching Race Condition |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 370 | Missing Check for Certificate Revocation after Initial Check |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 372 | Incomplete Internal State Distinction |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 377 | Insecure Temporary File |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 378 | Creation of Temporary File With Insecure Permissions |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 379 | Creation of Temporary File in Directory with Incorrect Permissions |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 383 | J2EE Bad Practices: Direct Use of Threads |
| HasMember | Composite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. | 384 | Session Fixation |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 385 | Covert Timing Channel |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 386 | Symbolic Name not Mapping to Correct Object |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 390 | Detection of Error Condition Without Action |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 391 | Unchecked Error Condition |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 392 | Missing Report of Error Condition |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 393 | Return of Wrong Status Code |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 394 | Unexpected Status Code or Return Value |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 396 | Declaration of Catch for Generic Exception |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 397 | Declaration of Throws for Generic Exception |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 400 | Uncontrolled Resource Consumption |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 401 | Improper Release of Memory Before Removing Last Reference |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 404 | Improper Resource Shutdown or Release |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 405 | Asymmetric Resource Consumption (Amplification) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 406 | Insufficient Control of Network Message Volume (Network Amplification) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 407 | Algorithmic Complexity |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 408 | Incorrect Behavior Order: Early Amplification |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 409 | Improper Handling of Highly Compressed Data (Data Amplification) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 410 | Insufficient Resource Pool |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 412 | Unrestricted Externally Accessible Lock |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 413 | Improper Resource Locking |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 414 | Missing Lock Check |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 415 | Double Free |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 416 | Use After Free |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 419 | Unprotected Primary Channel |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 420 | Unprotected Alternate Channel |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 421 | Race Condition During Access to Alternate Channel |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 422 | Unprotected Windows Messaging Channel ('Shatter') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 424 | Improper Protection of Alternate Path |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 425 | Direct Request ('Forced Browsing') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 426 | Untrusted Search Path |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 432 | Dangerous Signal Handler not Disabled During Sensitive Operations |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 435 | Improper Interaction Between Multiple Correctly-Behaving Entities |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 436 | Interpretation Conflict |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 437 | Incomplete Model of Endpoint Features |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 439 | Behavioral Change in New Version or Environment |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 440 | Expected Behavior Violation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 441 | Unintended Proxy or Intermediary ('Confused Deputy') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 446 | UI Discrepancy for Security Feature |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 447 | Unimplemented or Unsupported Feature in UI |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 450 | Multiple Interpretations of UI Input |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 451 | User Interface (UI) Misrepresentation of Critical Information |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 453 | Insecure Default Variable Initialization |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 454 | External Initialization of Trusted Variables or Data Stores |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 455 | Non-exit on Failed Initialization |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 459 | Incomplete Cleanup |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 462 | Duplicate Key in Associative List (Alist) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 463 | Deletion of Data Structure Sentinel |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 464 | Addition of Data Structure Sentinel |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 466 | Return of Pointer Value Outside of Expected Range |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 471 | Modification of Assumed-Immutable Data (MAID) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 474 | Use of Function with Inconsistent Implementations |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 475 | Undefined Behavior for Input to API |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 479 | Signal Handler Use of a Non-reentrant Function |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 494 | Download of Code Without Integrity Check |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 501 | Trust Boundary Violation |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 502 | Deserialization of Untrusted Data |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 510 | Trapdoor |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 511 | Logic/Time Bomb |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 512 | Spyware |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 520 | .NET Misconfiguration: Use of Impersonation |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 521 | Weak Password Requirements |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 522 | Insufficiently Protected Credentials |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 523 | Unprotected Transport of Credentials |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 526 | Information Exposure Through Environmental Variables |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 532 | Information Exposure Through Log Files |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 535 | Information Exposure Through Shell Error Message |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 539 | Information Exposure Through Persistent Cookies |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 544 | Missing Standardized Error Handling Mechanism |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 554 | ASP.NET Misconfiguration: Not Using Input Validation Framework |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 555 | J2EE Misconfiguration: Plaintext Password in Configuration File |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 564 | SQL Injection: Hibernate |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 565 | Reliance on Cookies without Validation and Integrity Checking |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 566 | Authorization Bypass Through User-Controlled SQL Primary Key |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 567 | Unsynchronized Access to Shared Data in a Multithreaded Context |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 574 | EJB Bad Practices: Use of Synchronization Primitives |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 575 | EJB Bad Practices: Use of AWT Swing |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 576 | EJB Bad Practices: Use of Java I/O |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 577 | EJB Bad Practices: Use of Sockets |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 578 | EJB Bad Practices: Use of Class Loader |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 579 | J2EE Bad Practices: Non-serializable Object Stored in Session |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 587 | Assignment of a Fixed Address to a Pointer |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 588 | Attempt to Access Child of a Non-structure Pointer |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 589 | Call to Non-ubiquitous API |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 594 | J2EE Framework: Saving Unserializable Objects to Disk |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 598 | Information Exposure Through Query Strings in GET Request |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 599 | Missing Validation of OpenSSL Certificate |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 602 | Client-Side Enforcement of Server-Side Security |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 603 | Use of Client-Side Authentication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 605 | Multiple Binds to the Same Port |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 610 | Externally Controlled Reference to a Resource in Another Sphere |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 612 | Information Exposure Through Indexing of Private Data |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 613 | Insufficient Session Expiration |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 618 | Exposed Unsafe ActiveX Method |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 620 | Unverified Password Change |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 623 | Unsafe ActiveX Control Marked Safe For Scripting |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 636 | Not Failing Securely ('Failing Open') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 638 | Not Using Complete Mediation |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 639 | Authorization Bypass Through User-Controlled Key |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 640 | Weak Password Recovery Mechanism for Forgotten Password |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 641 | Improper Restriction of Names for Files and Other Resources |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 642 | External Control of Critical State Data |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 644 | Improper Neutralization of HTTP Headers for Scripting Syntax |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 645 | Overly Restrictive Account Lockout Mechanism |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 646 | Reliance on File Name or Extension of Externally-Supplied File |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 647 | Use of Non-Canonical URL Paths for Authorization Decisions |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 648 | Incorrect Use of Privileged APIs |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 650 | Trusting HTTP Permission Methods on the Server Side |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 651 | Information Exposure Through WSDL File |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 653 | Insufficient Compartmentalization |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 654 | Reliance on a Single Factor in a Security Decision |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 655 | Insufficient Psychological Acceptability |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 656 | Reliance on Security Through Obscurity |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 657 | Violation of Secure Design Principles |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 662 | Improper Synchronization |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 663 | Use of a Non-reentrant Function in a Concurrent Context |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 667 | Improper Locking |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 668 | Exposure of Resource to Wrong Sphere |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 669 | Incorrect Resource Transfer Between Spheres |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 670 | Always-Incorrect Control Flow Implementation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 671 | Lack of Administrator Control over Security |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 672 | Operation on a Resource after Expiration or Release |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 673 | External Influence of Sphere Definition |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 674 | Uncontrolled Recursion |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 676 | Use of Potentially Dangerous Function |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 682 | Incorrect Calculation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 691 | Insufficient Control Flow Management |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 693 | Protection Mechanism Failure |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 694 | Use of Multiple Resources with Duplicate Identifier |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 695 | Use of Low-Level Functionality |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 696 | Incorrect Behavior Order |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 703 | Improper Check or Handling of Exceptional Conditions |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 704 | Incorrect Type Conversion or Cast |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 705 | Incorrect Control Flow Scoping |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 706 | Use of Incorrectly-Resolved Name or Reference |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 707 | Improper Enforcement of Message or Data Structure |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 708 | Incorrect Ownership Assignment |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 710 | Improper Adherence to Coding Standards |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 732 | Incorrect Permission Assignment for Critical Resource |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 749 | Exposed Dangerous Method or Function |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 764 | Multiple Locks of a Critical Resource |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 766 | Critical Data Element Declared Public |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 767 | Access to Critical Private Variable via Public Method |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 770 | Allocation of Resources Without Limits or Throttling |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 771 | Missing Reference to Active Allocated Resource |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 772 | Missing Release of Resource after Effective Lifetime |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 773 | Missing Reference to Active File Descriptor or Handle |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 774 | Allocation of File Descriptors or Handles Without Limits or Throttling |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 780 | Use of RSA Algorithm without OAEP |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 782 | Exposed IOCTL with Insufficient Access Control |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 789 | Uncontrolled Memory Allocation |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 798 | Use of Hard-coded Credentials |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 799 | Improper Control of Interaction Frequency |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 804 | Guessable CAPTCHA |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 862 | Missing Authorization |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 863 | Incorrect Authorization |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 912 | Hidden Functionality |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 913 | Improper Control of Dynamically-Managed Code Resources |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 914 | Improper Control of Dynamically-Identified Variables |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 916 | Use of Password Hash With Insufficient Computational Effort |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 918 | Server-Side Request Forgery (SSRF) |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 920 | Improper Restriction of Power Consumption |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 921 | Storage of Sensitive Data in a Mechanism without Access Control |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 922 | Insecure Storage of Sensitive Information |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 923 | Improper Restriction of Communication Channel to Intended Endpoints |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 925 | Improper Verification of Intent by Broadcast Receiver |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 926 | Improper Export of Android Application Components |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 927 | Use of Implicit Intent for Sensitive Communication |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 940 | Improper Verification of Source of a Communication Channel |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 941 | Incorrectly Specified Destination in a Communication Channel |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 942 | Overly Permissive Cross-domain Whitelist |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 1004 | Sensitive Cookie Without 'HttpOnly' Flag |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 1022 | Use of Web Link to Untrusted Target with window.opener Access |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 1037 | Processor Optimization Removal or Modification of Security-critical Code |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 1038 | Insecure Automated Optimizations |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 1044 | Architecture with Number of Horizontal Layers Outside of Expected Range |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 1068 | Inconsistency Between Implementation and Documented Design |
| HasMember | Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. | 1173 | Improper Use of Validation Framework |
| HasMember | Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. | 1174 | ASP.NET Misconfiguration: Improper Model Validation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 1176 | Inefficient CPU Computation |
| HasMember | Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. | 1177 | Use of Prohibited Code |
Objective
Content History
