Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2018-11776 KEV [KEV] Vulnerability in Apache struts (CVE-2018-11776)
CVE-2021-30860 KEV [KEV] Vulnerability in Apple multiple-products (CVE-2021-30860)
CVE-2021-30663 KEV [KEV] Vulnerability in Apple multiple-products (CVE-2021-30663)
CVE-2020-3452 KEV [KEV] Vulnerability in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2020-3452)
CVE-2018-0171 KEV [KEV] Vulnerability in Cisco ios-and-ios-xe (CVE-2018-0171)
CVE-2020-3161 KEV [KEV] Vulnerability in cisco (CVE-2020-3161)
CVE-2018-0296 KEV [KEV] Vulnerability in Cisco adaptive-security-appliance-asa (CVE-2018-0296)
CVE-2020-8195 KEV [KEV] Vulnerability in Citrix application-delivery-controller-adc (CVE-2020-8195)
CVE-2017-9822 KEV [KEV] Vulnerability in Dotnetnuke (dnn) dotnetnuke-dnn (CVE-2017-9822)
CVE-2018-7600 KEV [KEV] Vulnerability in drupal (CVE-2018-7600)
CVE-2021-22205 KEV [KEV] Vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205)
CVE-2021-38000 KEV [KEV] Vulnerability in Google chromium-intents (CVE-2021-38000)
CVE-2021-21220 KEV [KEV] Vulnerability in Google chromium-v8 (CVE-2021-21220)
CVE-2016-3718 KEV [KEV] Vulnerability in imagemagick (CVE-2016-3718)
CVE-2021-22502 KEV [KEV] Vulnerability in Micro focus micro-focus (CVE-2021-22502)
CVE-2016-0185 KEV [KEV] Vulnerability in Microsoft windows (CVE-2016-0185)
CVE-2017-0143 KEV [KEV] Vulnerability in Microsoft windows (CVE-2017-0143)
CVE-2021-31207 KEV [KEV] Vulnerability in Microsoft exchange-server (CVE-2021-31207)
CVE-2020-1040 KEV [KEV] Vulnerability in Microsoft hyper-v-remotefx (CVE-2020-1040)
CVE-2017-8759 KEV [KEV] Vulnerability in Microsoft net-framework (CVE-2017-8759)
CVE-2020-26146 Vulnerability in platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn (CVE-2020-26146)
CVE-2021-33287 Out-of-Bounds Write in dos (CVE-2021-33287)
CVE-2021-35268 Out-of-Bounds Write in tuxera (CVE-2021-35268)
CVE-2021-34432 Vulnerability in eclipse (CVE-2021-34432)
CVE-2021-33012 Vulnerability in rockwellautomation (CVE-2021-33012)
CVE-2021-22768 Vulnerability in dos (CVE-2021-22768)
CVE-2021-22767 Vulnerability in dos (CVE-2021-22767)
CVE-2021-22766 Vulnerability in dos (CVE-2021-22766)
CVE-2021-22765 Vulnerability in dos (CVE-2021-22765)
CVE-2021-30004 Vulnerability in c (CVE-2021-30004)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →