Each vulnerability found by VScanner is referred to as an 'issue'. Every issue discovered belongs to a specific category, identified by its group ID.
Below is a table that lists all possible group IDs that VScanner can return, along with their respective descriptions.
| Group ID | Issue Group Description |
| --- | --- |
| Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| Improper Interaction Between Multiple Correctly-Behaving Entities | An interaction error occurs when two entities behave correctly when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. |
| Improper Control of a Resource Through its Lifetime | The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. |
| Incorrect Calculation | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
| Insufficient Control Flow Management | The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. |
| Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
| Improper Check or Handling of Exceptional Conditions | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| Improper Neutralization | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
| Improper Adherence to Coding Standards | The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. |
| Unspecified Threat | Vulnerabilities that have not been classified, or that do not have a CWE assigned by NIST. |