Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2015-2545 KEV [KEV] Vulnerability in Microsoft office (CVE-2015-2545)
CVE-2017-12233 KEV [KEV] Vulnerability in Cisco ios-software (CVE-2017-12233)
CVE-2016-8562 KEV [KEV] Vulnerability in Siemens simatic-cp (CVE-2016-8562)
CVE-2016-7262 KEV [KEV] Vulnerability in Microsoft excel (CVE-2016-7262)
CVE-2022-24086 KEV [KEV] Vulnerability in Adobe commerce-and-magento-open-source (CVE-2022-24086)
CVE-2021-22787 Vulnerability in dos (CVE-2021-22787)
CVE-2016-3088 KEV [KEV] Vulnerability in Apache activemq (CVE-2016-3088)
CVE-2017-0144 KEV [KEV] Vulnerability in Microsoft smbv1 (CVE-2017-0144)
CVE-2017-0145 KEV [KEV] Vulnerability in Microsoft smbv1 (CVE-2017-0145)
CVE-2017-9791 KEV [KEV] Vulnerability in Apache struts-1 (CVE-2017-9791)
CVE-2022-22587 KEV [KEV] Vulnerability in Apple ios-and-macos (CVE-2022-22587)
CVE-2012-0391 KEV [KEV] Vulnerability in Apache struts-2 (CVE-2012-0391)
CVE-2021-35247 KEV [KEV] Vulnerability in Solarwinds serv-u (CVE-2021-35247)
CVE-2013-3900 KEV [KEV] Vulnerability in Microsoft winverifytrust-function (CVE-2013-3900)
CVE-2021-44832 Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832)
CVE-2021-45105 Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-45105)
CVE-2017-17562 KEV [KEV] Vulnerability in Embedthis goahead (CVE-2017-17562)
CVE-2010-1871 KEV [KEV] Vulnerability in Red hat red-hat (CVE-2010-1871)
CVE-2021-44228 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
CVE-2020-11261 KEV [KEV] Vulnerability in :linux_kernel:Qualcomm (CVE-2020-11261)
CVE-2018-0171 KEV [KEV] Vulnerability in Cisco ios-and-ios-xe (CVE-2018-0171)
CVE-2020-0041 KEV [KEV] Vulnerability in android (CVE-2020-0041)
CVE-2020-3161 KEV [KEV] Vulnerability in cisco (CVE-2020-3161)
CVE-2018-0296 KEV [KEV] Vulnerability in Cisco adaptive-security-appliance-asa (CVE-2018-0296)
CVE-2020-8195 KEV [KEV] Vulnerability in Citrix application-delivery-controller-adc (CVE-2020-8195)
CVE-2017-9822 KEV [KEV] Vulnerability in Dotnetnuke (dnn) dotnetnuke-dnn (CVE-2017-9822)
CVE-2018-7600 KEV [KEV] Vulnerability in drupal (CVE-2018-7600)
CVE-2021-22205 KEV [KEV] Vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205)
CVE-2021-38000 KEV [KEV] Vulnerability in Google chromium-intents (CVE-2021-38000)
CVE-2020-1040 KEV [KEV] Vulnerability in Microsoft hyper-v-remotefx (CVE-2020-1040)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →