Cwe 20

🧬 CWE Related 125

slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。

📌 Example

多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔗 Related links

MITRE CWE-20 公式ページ ↗

🔖 Related tags

Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 128

ID	Title	Severity	Detected
CVE-2021-30900 KEV	[KEV] Vulnerability in Apple ios (CVE-2021-30900)	High	3 years ago
CVE-2015-2291 KEV	[KEV] Vulnerability in Intel ethernet-diagnostics-driver-for-windows (CVE-2015-2291)	High	3 years ago
CVE-2023-22952 KEV	[KEV] Vulnerability in Sugarcrm multiple-products (CVE-2023-22952)	High	3 years ago
CVE-2017-11357 KEV	[KEV] Vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11357)	High	3 years ago
CVE-2022-42827 KEV	[KEV] Vulnerability in Apple ios-and-ipados (CVE-2022-42827)	High	3 years ago
CVE-2013-6282 KEV	[KEV] Vulnerability in Linux kernel (CVE-2013-6282)	High	3 years ago
CVE-2010-2568 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2010-2568)	High	3 years ago
CVE-2022-32917 KEV	[KEV] Vulnerability in Apple ios (CVE-2022-32917)	High	3 years ago
CVE-2022-37969 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2022-37969)	High	3 years ago
CVE-2022-3075 KEV	[KEV] Vulnerability in Google chromium-mojo (CVE-2022-3075)	High	3 years ago
CVE-2021-31010 KEV	[KEV] Vulnerability in Apple ios (CVE-2021-31010)	High	3 years ago
CVE-2022-32894 KEV	[KEV] Vulnerability in Apple ios-and-macos (CVE-2022-32894)	High	3 years ago
CVE-2022-32893 KEV	[KEV] Vulnerability in Apple ios-and-macos (CVE-2022-32893)	High	3 years ago
CVE-2022-2856 KEV	[KEV] Vulnerability in Google chromium-intents (CVE-2022-2856)	High	3 years ago
CVE-2022-29499 KEV	[KEV] Vulnerability in Mitel mivoice-connect (CVE-2022-29499)	High	3 years ago
CVE-2019-7193 KEV	[KEV] Vulnerability in Qnap qts (CVE-2019-7193)	High	3 years ago
CVE-2012-0151 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2012-0151)	High	3 years ago
CVE-2016-0034 KEV	[KEV] Vulnerability in Microsoft silverlight (CVE-2016-0034)	High	3 years ago
CVE-2013-3896 KEV	[KEV] Vulnerability in Microsoft silverlight (CVE-2013-3896)	High	3 years ago
CVE-2018-19949 KEV	[KEV] Vulnerability in Qnap network-attached-storage-nas (CVE-2018-19949)	High	3 years ago
CVE-2019-11708 KEV	[KEV] Vulnerability in Mozilla firefox-and-thunderbird (CVE-2019-11708)	High	3 years ago
CVE-2007-3010 KEV	[KEV] Vulnerability in Alcatel omnipcx-enterprise (CVE-2007-3010)	High	4 years ago
CVE-2021-42278 KEV	[KEV] Vulnerability in Microsoft active-directory (CVE-2021-42278)	High	4 years ago
CVE-2017-0148 KEV	[KEV] Vulnerability in Microsoft smbv1-server (CVE-2017-0148)	High	4 years ago
CVE-2022-22675 KEV	[KEV] Vulnerability in Apple macos (CVE-2022-22675)	High	4 years ago
CVE-2022-22674 KEV	[KEV] Vulnerability in Apple macos (CVE-2022-22674)	High	4 years ago
CVE-2017-3881 KEV	[KEV] Vulnerability in Cisco ios-and-ios-xe (CVE-2017-3881)	High	4 years ago
CVE-2017-6316 KEV	[KEV] Vulnerability in Citrix netscaler-sd-wan-enterprise (CVE-2017-6316)	High	4 years ago
CVE-2017-0146 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2017-0146)	High	4 years ago
CVE-2012-1823 KEV	[KEV] Vulnerability in php (CVE-2012-1823)	High	4 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →