Cwe 20

🧬 CWE Related 125

slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。

📌 Example

多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔗 Related links

MITRE CWE-20 公式ページ ↗

🔖 Related tags

Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 128

ID	Title	Severity	Detected
CVE-2017-3881 KEV	[KEV] Vulnerability in Cisco ios-and-ios-xe (CVE-2017-3881)	High	4 years ago
CVE-2017-0146 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2017-0146)	High	4 years ago
CVE-2013-2251 KEV	[KEV] Vulnerability in Apache struts (CVE-2013-2251)	High	4 years ago
CVE-2012-1823 KEV	[KEV] Vulnerability in php (CVE-2012-1823)	High	4 years ago
CVE-2010-3035 KEV	[KEV] Vulnerability in Cisco ios-xr (CVE-2010-3035)	High	4 years ago
CVE-2009-2055 KEV	[KEV] Vulnerability in Cisco ios-xr (CVE-2009-2055)	High	4 years ago
CVE-2009-0927 KEV	[KEV] Vulnerability in Adobe reader-and-acrobat (CVE-2009-0927)	High	4 years ago
CVE-2021-21973 KEV	[KEV] Vulnerability in Vmware vcenter-server-and-cloud-foundation (CVE-2021-21973)	High	4 years ago
CVE-2019-1652 KEV	[KEV] Vulnerability in Cisco small-business-rv320-and-rv325-dual-gigabit-wan-vpn-routers (CVE-2019-1652)	High	4 years ago
CVE-2018-0174 KEV	[KEV] Vulnerability in Cisco ios-xe-software (CVE-2018-0174)	High	4 years ago
CVE-2018-0173 KEV	[KEV] Vulnerability in Cisco ios-and-ios-xe-software (CVE-2018-0173)	High	4 years ago
CVE-2018-0172 KEV	[KEV] Vulnerability in Cisco ios-and-ios-xe-software (CVE-2018-0172)	High	4 years ago
CVE-2018-0159 KEV	[KEV] Vulnerability in cisco (CVE-2018-0159)	High	4 years ago
CVE-2018-0158 KEV	[KEV] Vulnerability in cisco (CVE-2018-0158)	High	4 years ago
CVE-2017-12319 KEV	[KEV] Vulnerability in Cisco ios-xe-software (CVE-2017-12319)	High	4 years ago
CVE-2017-12240 KEV	[KEV] Vulnerability in Cisco ios-and-ios-xe-software (CVE-2017-12240)	High	4 years ago
CVE-2017-12235 KEV	[KEV] Vulnerability in Cisco ios-software (CVE-2017-12235)	High	4 years ago
CVE-2017-12234 KEV	[KEV] Vulnerability in Cisco ios-software (CVE-2017-12234)	High	4 years ago
CVE-2017-12233 KEV	[KEV] Vulnerability in Cisco ios-software (CVE-2017-12233)	High	4 years ago
CVE-2016-8562 KEV	[KEV] Vulnerability in Siemens simatic-cp (CVE-2016-8562)	High	4 years ago
CVE-2016-7262 KEV	[KEV] Vulnerability in Microsoft excel (CVE-2016-7262)	High	4 years ago
CVE-2015-2545 KEV	[KEV] Vulnerability in Microsoft office (CVE-2015-2545)	High	4 years ago
CVE-2014-4114 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2014-4114)	High	4 years ago
CVE-2013-5065 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2013-5065)	High	4 years ago
CVE-2009-1123 KEV	[KEV] Vulnerability in Microsoft windows (CVE-2009-1123)	High	4 years ago
CVE-2022-24086 KEV	[KEV] Vulnerability in Adobe commerce-and-magento-open-source (CVE-2022-24086)	High	4 years ago
CVE-2017-9791 KEV	[KEV] Vulnerability in Apache struts-1 (CVE-2017-9791)	High	4 years ago
CVE-2017-0145 KEV	[KEV] Vulnerability in Microsoft smbv1 (CVE-2017-0145)	High	4 years ago
CVE-2017-0144 KEV	[KEV] Vulnerability in Microsoft smbv1 (CVE-2017-0144)	High	4 years ago
CVE-2016-3088 KEV	[KEV] Vulnerability in Apache activemq (CVE-2016-3088)	High	4 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →