CWE CATEGORY: CISQ Quality Measures (2016) - Security
Category ID: 1131
Vulnerability Mapping: Prohibited
Status: Draft
▼Summary

Weaknesses in this category are related to the CISQ Quality Measures for Security, as documented in 2016 with the Automated Source Code Security Measure (ASCSM) Specification 1.0. Presence of these weaknesses could reduce the security of the software.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 1128 | CISQ Quality Measures (2016) |
| HasMember | Allowed | Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Allowed-with-Review | Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| HasMember | Allowed | Variant | 129 | Improper Validation of Array Index |
| HasMember | Allowed | Base | 134 | Use of Externally-Controlled Format String |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | Base | 252 | Unchecked Return Value |
| HasMember | Allowed-with-Review | Class | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| HasMember | Allowed | Base | 396 | Declaration of Catch for Generic Exception |
| HasMember | Allowed | Base | 397 | Declaration of Throws for Generic Exception |
| HasMember | Allowed | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed | Variant | 456 | Missing Initialization of a Variable |
| HasMember | Allowed | Base | 606 | Unchecked Input for Loop Condition |
| HasMember | Allowed-with-Review | Class | 667 | Improper Locking |
| HasMember | Allowed-with-Review | Class | 672 | Operation on a Resource after Expiration or Release |
| HasMember | Allowed | Base | 681 | Incorrect Conversion between Numeric Types |
| HasMember | Allowed | Base | 772 | Missing Release of Resource after Effective Lifetime |
| HasMember | Allowed | Base | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') |
| HasMember | Allowed | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | Variant | 789 | Memory Allocation with Excessive Size Value |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Base | 798 | Use of Hard-coded Credentials |
| HasMember | Allowed-with-Review | Class | 99 | Improper Control of Resource Identifiers ('Resource Injection') |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼References
Reference ID: REF-962
Title: Automated Source Code Security Measure (ASCSM)
Version: v4.15
Author: Object Management Group (OMG)
URL: http://www.omg.org/spec/ASCSM/1.0/
Month: 01
Year: 2016

Reference ID: REF-968
Title: Automated Quality Characteristic Measures
Version: v4.15
Author: Consortium for Information & Software Quality (CISQ)
URL: http://it-cisq.org/standards/automated-quality-characteristic-measures/
Year: 2016