CWEs

From xinux.net

Basics

  • The Common Weakness Enumeration project has compiled its 2022 list of the 25 most dangerous software weaknesses.
  • The list is intended to enumerate the weaknesses that currently occur most often and have the most serious impact.
  • It is meant to help contain risk.
  • It is aimed at software architects, designers, developers, testers, users, project managers, security researchers, and educators.

Weaknesses

Rank  ID       Description
1     CWE-787  Out-of-bounds Write (Buffer Overflow)
2     CWE-79   Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)
3     CWE-89   Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
4     CWE-20   Improper Input Validation (Command Execution)
5     CWE-125  Out-of-bounds Read
6     CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Execution')
7     CWE-416  Use After Free
8     CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
9     CWE-352  Cross-Site Request Forgery (CSRF)
10    CWE-434  Unrestricted Upload of File with Dangerous Type (File Inclusion)
11    CWE-476  NULL Pointer Dereference
12    CWE-502  Deserialization of Untrusted Data
13    CWE-190  Integer Overflow or Wraparound
14    CWE-287  Improper Authentication
15    CWE-798  Use of Hard-coded Credentials
16    CWE-862  Missing Authorization
17    CWE-77   Improper Neutralization of Special Elements used in a Command ('Command Injection')
18    CWE-306  Missing Authentication for Critical Function
19    CWE-119  Improper Restriction of Operations within the Bounds of a Memory Buffer
20    CWE-276  Incorrect Default Permissions
21    CWE-918  Server-Side Request Forgery (SSRF)
22    CWE-362  Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
23    CWE-400  Uncontrolled Resource Consumption
24    CWE-611  Improper Restriction of XML External Entity Reference
25    CWE-94   Improper Control of Generation of Code ('Code Injection')

Sources