Checkmarx Vulnerability Queries Overview
List of the vulnerability queries per preset for this version.
Columns: Language, Package Name, Query Name, Query Severity, followed by one column per preset: All, Android, ASA Premium, Default, Default 2014, Empty preset, Error handling, FISMA, HIPAA, JSSEC, MISRA_C, MISRA_C_2012, MISRA_CPP, Mobile, NIST, OWASP ASVS, PCI, SANS top 25, SEI CERT, STIG, WordPress, XS.
Each row prints the query's ID in every preset column that includes the query. In the flattened rows below the columns are not kept apart, so a row shows its ID once per preset that includes the query; a row with no ID is a query that belongs to no preset in this version.
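The rows of this listing are easy to mine once parsed. The following Python is added here as an example and is not part of the Checkmarx document: it reads rows in the layout used on this page (language, package, query name, severity, then the query ID once per preset that includes the query), glues back a row whose IDs wrapped onto the next line, skips page headers and footers, and lets you filter by language, severity and number of presets. The sample listing is constructed from a few rows of this page; the function and class names are my own.

```python
"""Parse the flattened Checkmarx 'Vulnerability Queries per Preset' listing.

Row layout as it appears on this page:
    <Language> <Package_Name> <Query_Name> <Severity> [<QueryID> ...]
The query ID is repeated once for every preset that includes the query, so
the number of trailing IDs is the number of presets the query belongs to.
A row with no trailing ID is a query that is in no preset.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

ROW_RE = re.compile(
    r"^(?P<lang>\S+)\s+(?P<pkg>\S+)\s+(?P<query>\S+)\s+"
    r"(?P<sev>High|Medium|Low|Information)(?P<ids>(?:\s+\d+)*)$"
)
# A line holding nothing but numbers is the tail of a row that wrapped onto
# the next line (this page does that for CPP Use_After_Free).
CONTINUATION_RE = re.compile(r"^\d+(?:\s+\d+)*$")


@dataclass(frozen=True)
class QueryRow:
    language: str
    package: str
    query: str
    severity: str
    query_id: Optional[int]  # None when the query is in no preset
    preset_count: int


def _join_wrapped_rows(lines):
    """Glue digit-only continuation lines back onto the preceding query row."""
    joined = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if CONTINUATION_RE.match(line) and joined and ROW_RE.match(joined[-1]):
            joined[-1] = joined[-1] + " " + line
        else:
            joined.append(line)
    return joined


def parse_row(line: str) -> Optional[QueryRow]:
    """Return the parsed row, or None if the line is not a query row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    ids = [int(tok) for tok in m["ids"].split()]
    distinct = set(ids)
    if len(distinct) > 1:
        # Every cell of one row carries the same query ID; mixed IDs mean two
        # rows were run together and the input needs fixing by hand.
        raise ValueError(f"mixed query IDs {sorted(distinct)} in row: {line!r}")
    return QueryRow(
        language=m["lang"],
        package=m["pkg"],
        query=m["query"],
        severity=m["sev"],
        query_id=ids[0] if ids else None,
        preset_count=len(ids),
    )


def parse_listing(text: str) -> list[QueryRow]:
    """Parse a whole listing, skipping titles, page footers and column headers."""
    rows = []
    for line in _join_wrapped_rows(text.splitlines()):
        row = parse_row(line)
        if row is not None:
            rows.append(row)
    return rows


def select(rows, *, language=None, severity=None, min_presets=0):
    """Filter rows, e.g. every High CPP query that is in at least one preset."""
    return [
        r for r in rows
        if (language is None or r.language == language)
        and (severity is None or r.severity == severity)
        and r.preset_count >= min_presets
    ]


# Constructed sample: a few rows copied from this listing, plus a page footer,
# a repeated page header and a wrapped row that the parser has to survive.
SAMPLE_LISTING = """\
Apex Apex_Force_com_Code_Quality Hardcoded_Messages Information 6514 6514 6514
Apex Apex_Force_com_Serious_Security_Risk Sharing_With_Controller Medium
CPP CPP_Medium_Threat Use_After_Free Medium 330 330 330 330 330 330 330 330 330 330 330
330 330 330 330
Page 4 of 35
Checkmarx VULNERABILITY QUERIES PER PRESET v9.6.2
CPP CPP_Low_Visibility TOCTOU Low 4017 4017 4017 4017 4017 4017 4017
CPP CPP_High_Risk Command_Injection High 285 285 285 285 285 285 285 285 285 285 285 285 285 285 285
"""

if __name__ == "__main__":
    for r in select(parse_listing(SAMPLE_LISTING), min_presets=1):
        print(f"{r.language:5} {r.severity:11} {r.query:28} id={r.query_id} presets={r.preset_count}")
```

Rows with mixed IDs are rejected rather than silently counted, because the only way that happens is two rows having been run together during extraction; the preset count would otherwise be wrong for both queries.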
Apex Apex_Force_com_Code_Quality Async_Future_Method_Inside_Loops Low 1001 1001 1001 1001
Apex Apex_Force_com_Code_Quality Bulkify_Apex_Methods_Using_Collections_In_Methods Low 1002 1002 1002 1002 1002
Apex Apex_Force_com_Code_Quality DML_Statements_Inside_Loops Low 1004 1004 1004 1004 1004
Apex Apex_Force_com_Code_Quality Hardcoded_Messages Information 6514 6514 6514
Apex Apex_Force_com_Code_Quality Hardcoding_Ids Low 1005 1005 1005 1005 1005
Apex Apex_Force_com_Code_Quality Hardcoding_Of_Trigger_New Low 1006 1006 1006 1006
Apex Apex_Force_com_Code_Quality Hardcoding_Of_Trigger_Old Low 1007 1007 1007 1007
Apex Apex_Force_com_Code_Quality Hardcoding_References_To_Static_Resources Low 1008 1008 1008 1008
Apex Apex_Force_com_Code_Quality HTTP_Callouts Information 1009 1009 1009
Apex Apex_Force_com_Code_Quality Multiple_Forms_In_Visualforce_Page Low 1010 1010 1010 1010
Apex Apex_Force_com_Code_Quality Multiple_Trigger_On_same_sObject Low 1011 1011 1011 1011
Apex Apex_Force_com_Code_Quality Queries_With_No_Where_Or_Limit_Clause Low 1012 1012 1012 1012 1012
Apex Apex_Force_com_Code_Quality SOSL_SOQL_Statments_Inside_Loops Low 1014 1014 1014 1014 1014
Apex Apex_Force_com_Code_Quality Test_Assert_Without_Message Information 6519 6519
Apex Apex_Force_com_Code_Quality Test_Methods_With_No_Assert Information 1015 1015 1015
Apex Apex_Force_com_Code_Quality Unused_Variable Information 6520 6520
Apex Apex_Force_com_Code_Quality Use_Of_Ajax_Toolkit Information 1016 1016 1016
Apex Apex_Force_com_Code_Quality Use_of_Hard_Coded_Cryptographic_Key Low 6522 6522 6522 6522 6522 6522 6522 6522 6522 6522 6522 6522 6522 6522
Apex Apex_Force_com_Critical_Security_Risk Reflected_XSS High 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017 1017
Apex Apex_Force_com_Critical_Security_Risk Resource_Injection High 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018 1018
Apex Apex_Force_com_Critical_Security_Risk SOQL_SOSL_Injection High 1019 1019 1019 1019 1019 1019 1019 1019 1019 1019 1019 1019 1019 1019 1019
Apex Apex_Force_com_Critical_Security_Risk Stored_XSS High 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020 1020
Apex Apex_Force_com_Serious_Security_Risk Cookies_Scoping Medium 1021 1021 1021 1021 1021 1021 1021 1021 1021 1021 1021
Apex Apex_Force_com_Serious_Security_Risk CRUD_Delete Medium 1022 1022 1022 1022 1022 1022 1022 1022 1022 1022 1022 1022 1022
Apex Apex_Force_com_Serious_Security_Risk CSRF Medium 1034 1034 1034 1034 1034 1034 1034 1034 1034 1034 1034 1034 1034 1034
Apex Apex_Force_com_Serious_Security_Risk CSRF_With_VF_Call Medium 1035 1035 1035 1035 1035 1035 1035 1035 1035 1035 1035 1035 1035
Apex Apex_Force_com_Serious_Security_Risk Dangerous_Methods Medium 6528 6528 6528 6528 6528 6528 6528 6528
Apex Apex_Force_com_Serious_Security_Risk Dereferenced_Field Medium 1023 1023 1023 1023 1023 1023 1023 1023 1023
Apex Apex_Force_com_Serious_Security_Risk FLS_Create Medium 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024
Apex Apex_Force_com_Serious_Security_Risk FLS_Create_Partial Medium 1025 1025 1025 1025 1025 1025 1025 1025 1025 1025 1025 1025 1025
Apex Apex_Force_com_Serious_Security_Risk FLS_Read Medium 6596 6596 6596 6596 6596 6596 6596 6596 6596 6596 6596 6596 6596
Apex Apex_Force_com_Serious_Security_Risk FLS_Update Medium 1026 1026 1026 1026 1026 1026 1026 1026 1026 1026 1026 1026 1026 1026
Apex Apex_Force_com_Serious_Security_Risk FLS_Update_Partial Medium 1027 1027 1027 1027 1027 1027 1027 1027 1027 1027 1027 1027 1027
Apex Apex_Force_com_Serious_Security_Risk Frame_Spoofing Medium 1028 1028 1028 1028 1028 1028 1028 1028 1028 1028 1028 1028 1028 1028
Apex Apex_Force_com_Serious_Security_Risk HttpSplitting Medium 1029 1029 1029 1029 1029 1029 1029 1029 1029 1029 1029 1029 1029 1029 1029
Apex Apex_Force_com_Serious_Security_Risk inputText_Ignoring_FLS Medium 1030 1030 1030 1030 1030 1030 1030 1030 1030
Apex Apex_Force_com_Serious_Security_Risk Insecure_Cookie Medium 6515 6515 6515 6515 6515 6515 6515 6515 6515 6515
Apex Apex_Force_com_Serious_Security_Risk Insecure_Endpoint Medium 6516 6516 6516 6516 6516 6516 6516 6516
Apex Apex_Force_com_Serious_Security_Risk Sharing Medium 1031 1031 1031 1031 1031 1031 1031 1031 1031 1031 1031 1031 1031
Apex Apex_Force_com_Serious_Security_Risk Sharing_With_Controller Medium
Apex Apex_Force_com_Serious_Security_Risk URL_Redirection_Attack Medium 1033 1033 1033 1033 1033 1033 1033 1033 1033 1033 1033 1033
Apex Apex_ISV_Quality_Rules ActionPoller_Frequency_Check Information 2354 2354
Apex Apex_ISV_Quality_Rules Ajax_Toolkit_From_VF Information 2355 2355
Apex Apex_ISV_Quality_Rules Batch_Apex_exists Information 2356 2356
Apex Apex_ISV_Quality_Rules Batch_Apex_makes_outbound_call Information 2357 2357
Apex Apex_ISV_Quality_Rules DmlOptions_Set_To_False Information 2358 2358
Apex Apex_ISV_Quality_Rules Empty_Catch_Blocks Information 2374 2374
Apex Apex_ISV_Quality_Rules Empty_IfStmt Information 6524 6524
Apex Apex_ISV_Quality_Rules Empty_Methods Information 6525 6525 6525 6525
Apex Apex_ISV_Quality_Rules Empty_WhileStmt Information 6521 6521
Apex Apex_ISV_Quality_Rules Find_Exposed_Test_Data Information 2359 2359
Apex Apex_ISV_Quality_Rules Future_exists Information 2360 2360
Apex Apex_ISV_Quality_Rules Old_API_Version Information 2362 2362 2362 2362 2362
Apex Apex_ISV_Quality_Rules Outbound_Email_Send Information 2363 2363
Apex Apex_ISV_Quality_Rules Report_with_no_Filter Information 2364 2364
Apex Apex_ISV_Quality_Rules SOQL_Dynamic_null_in_Where Information 2365 2365
Apex Apex_ISV_Quality_Rules SOQL_Formula_in_Where Information 2366 2366
Apex Apex_ISV_Quality_Rules SOQL_Hardcoded_null_in_Where Information 2367 2367
Apex Apex_ISV_Quality_Rules SOQL_Relationship_in_Where Information 2368 2368
Apex Apex_ISV_Quality_Rules SOQL_With_All_Fields Information 2369 2369 2369 2369 2369 2369
Apex Apex_ISV_Quality_Rules SOQL_with_All_Fields_in_Loop Information 2370 2370 2370 2370 2370 2370
Apex Apex_ISV_Quality_Rules SOSL_With_Where_Clause Information 2371 2371
Apex Apex_ISV_Quality_Rules Warn_About_Viewstate_Size_Limit Information 2361 2361
Apex Apex_ISV_Quality_Rules Workflow_sends_Emails Information 2372 2372
Apex Apex_Low_Visibility Escape_False_Warning Low 51 51 51 51 51 51
Apex Apex_Low_Visibility Hardcoded_Password Low 52 52 52 52 52 52 52 52 52 52 52 52 52 52 52
Apex Apex_Low_Visibility Parameter_Tampering Low 53 53 53 53 53 53 53 53 53 53 53 53 53
Apex Apex_Low_Visibility Password_misuse Low 54 54 54 54 54 54 54 54 54
Apex Apex_Low_Visibility Potential_Frame_Injection Low 55 55 55 55 55 55 55 55
Apex Apex_Low_Visibility Potential_URL_Redirection_Attack Low 1801 1801 1801 1801 1801 1801 1801 1801 1801
Apex Apex_Low_Visibility Privacy_Violation Low 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769 2769
Checkmarx VULNERABILITY QUERIES PER PRESET v9.6.2
Apex Apex_Low_Visibility Second_Order_SOQL_SOSL_Injection Low 56 56 56 56 56 56 56 56 56 56 56 56
Apex Apex_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 2258 2258 2258 2258 2258 2258 2258 2258 2258 2258 2258 2258 2258 2258 2258
Apex Apex_Low_Visibility Verbose_Error_Reporting Low 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57
ASP ASP_Best_Coding_Practice Aptca_Methods_Call_Non_Aptca_Methods Information 66 66
ASP ASP_Best_Coding_Practice Dynamic_SQL_Queries Information
ASP ASP_Best_Coding_Practice Empty_Catch Information 70 70 70 70 70 70 70 70
ASP ASP_Best_Coding_Practice Hardcoded_Absolute_Path Information 155 155 155 155 155 155 155 155
ASP ASP_Best_Coding_Practice Hardcoded_Connection_String Information 72 72 72 72 72 72 72 72 72 72
ASP ASP_Best_Coding_Practice Just_One_of_Equals_and_Hash_code_Defined Information 153 153 153 153
ASP ASP_Best_Coding_Practice Missing_XML_Validation Information 75 75 75 75
ASP ASP_Best_Coding_Practice NULL_Argument_to_Equals Information 77
ASP ASP_Best_Coding_Practice Pages_Without_Global_Error_Handler Information 79 79 79 79 79 79 79
ASP ASP_Best_Coding_Practice PersistSecurityInfo_is_True Information 80 80
ASP ASP_Best_Coding_Practice Sockets_in_WebApp Information 81 81 81
ASP ASP_Best_Coding_Practice Threads_in_WebApp Information 82 82
ASP ASP_Best_Coding_Practice Unclosed_Objects Information 83
ASP ASP_Best_Coding_Practice Unvalidated_Arguments_Of_Public_Methods Information 85
ASP ASP_Best_Coding_Practice Use_of_System_Output_Stream Information 86 86 86 86
ASP ASP_Best_Coding_Practice Visible_Fields Information 87 87 87
ASP ASP_Heuristic Heuristic_2nd_Order_SQL_Injection Low 132 132 132 132 132 132 132 132 132 132 132 132 132 132
ASP ASP_Heuristic Heuristic_CSRF Low 137 137 137 137 137 137 137 137 137 137 137 137 137
ASP ASP_Heuristic Heuristic_DB_Parameter_Tampering Low 133 133 133 133 133 133 133 133 133 133 133 133 133 133
ASP ASP_Heuristic Heuristic_Parameter_Tampering Low 134 134 134 134 134 134 134 134 134 134 134
ASP ASP_Heuristic Heuristic_SQL_Injection Low 135 135 135 135 135 135 135 135 135 135 135 135 135 135
ASP ASP_Heuristic Heuristic_Stored_XSS Low 136 136 136 136 136 136 136 136 136 136 136 136 136 136
ASP ASP_High_Risk Code_Injection High 138 138 138 138 138 138 138 138 138 138 138 138 138 138 138 138 138
ASP ASP_High_Risk Command_Injection High 139 139 139 139 139 139 139 139 139 139 139 139 139 139 139
ASP ASP_High_Risk Connection_String_Injection High 140 140 140 140 140 140 140 140 140 140 140 140 140 140 140 140
ASP ASP_High_Risk Dangerous_File_Upload High 151 151 151 151 151 151 151 151 151 151 151 151 151 151
ASP ASP_High_Risk LDAP_Injection High 141 141 141 141 141 141 141 141 141 141 141 141 141 141 141 141
ASP ASP_High_Risk Reflected_XSS_All_Clients High 142 142 142 142 142 142 142 142 142 142 142 142 142 142 142 142 142 142
ASP ASP_High_Risk Resource_Injection High 143 143 143 143 143 143 143 143 143 143 143 143 143 143 143 143
ASP ASP_High_Risk Second_Order_SQL_Injection High 144 144 144 144 144 144 144 144 144 144 144 144 144 144 144 144 144
ASP ASP_High_Risk SQL_Injection High 145 145 145 145 145 145 145 145 145 145 145 145 145 145 145 145 145 145
ASP ASP_High_Risk Stored_XSS High 146 146 146 146 146 146 146 146 146 146 146 146 146 146 146 146 146
ASP ASP_High_Risk UTF7_XSS High 147 147 147 147 147 147 147 147 147 147 147 147 147 147 147 147
ASP ASP_High_Risk XPath_Injection High 148 148 148 148 148 148 148 148 148 148 148 148 148 148 148 148
ASP ASP_Low_Visibility Blind_SQL_Injections Low 149 149 149 149 149 149 149 149 149 149 149 149 149 149
ASP ASP_Low_Visibility Cleansing_Canonicalization_and_Comparison_Errors Low 154 154 154 154 154 154
ASP ASP_Low_Visibility Client_Side_Only_Validation Low 150 150 150 150 150 150 150 150
ASP ASP_Low_Visibility Hardcoded_password_in_Connection_String Low 157 157 157 157 157 157 157 157 157
ASP ASP_Low_Visibility Impersonation_Issue Low 158 158 158 158 158 158 158
ASP ASP_Low_Visibility Improper_Exception_Handling Low 159 159 159 159 159 159 159 159 159 159 159
ASP ASP_Low_Visibility Improper_Resource_Shutdown_or_Release Low 152 152 152 152 152 152 152 152
ASP ASP_Low_Visibility Improper_Session_Management Low 160 160 160 160 160 160 160 160 160
ASP ASP_Low_Visibility Improper_Transaction_Handling Low 161 161 161 161 161
ASP ASP_Low_Visibility Information_Exposure_Through_an_Error_Message Low 175 175 175 175 175 175 175 175 175 175 175 175 175 175 175
ASP ASP_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 167 167 167 167 167 167 167 167 167 167 167 167 167
ASP ASP_Low_Visibility Insecure_Randomness Low 162 162 162 162 162 162 162 162 162 162 162 162 162
ASP ASP_Low_Visibility Insufficiently_Protected_Credentials Low 166 166 166 166 166 166 166 166 166 166 166 166 166
ASP ASP_Low_Visibility JavaScript_Hijacking Low 1802 1802 1802 1802 1802 1802 1802 1802
ASP ASP_Low_Visibility Leaving_Temporary_Files Low 164 164 164 164 164 164 164
ASP ASP_Low_Visibility Log_Forging Low 165 165 165 165 165 165 165 165 165 165 165 165 165
ASP ASP_Low_Visibility Open_Redirect Low 174 174 174 174 174 174 174 174 174 174 174 174 174 174
ASP ASP_Low_Visibility Script_Poisoning Low 168 168 168 168 168 168 168 168 168
ASP ASP_Low_Visibility Server_Code_In_Client_Comment Low 169 169 169 169 169 169 169 169 169
ASP ASP_Low_Visibility Session_Clearing_Problems Low 170 170 170 170 170 170 170 170 170 170 170 170 170
ASP ASP_Low_Visibility Session_Poisoning Low
ASP ASP_Low_Visibility Thread_Safety_Issue Low 172 172 172 172 172 172 172 172 172
ASP ASP_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 190 190 190 190 190 190 190 190 190 190 190 190 190 190
ASP ASP_Low_Visibility URL_Canonicalization_Issue Low 173 173 173 173 173
ASP ASP_Low_Visibility Use_Of_Hardcoded_Password Low 156 156 156 156 156 156 156 156 156 156 156 156 156 156 156 156
ASP ASP_Low_Visibility XSS_Evasion_Attack Low 176 176 176 176 176 176 176 176 176 176 176 176 176 176
ASP ASP_Medium_Threat CSRF Medium 193 193 193 193 193 193 193 193 193 193 193 193 193 193 193
ASP ASP_Medium_Threat DB_Parameter_Tampering Medium 178 178 178 178 178 178 178 178 178 178 178 178 178 178 178 178 178
ASP ASP_Medium_Threat DoS_by_Sleep Medium 179 179 179 179 179 179 179 179 179 179 179 179 179 179
ASP ASP_Medium_Threat HTTP_Response_Splitting Medium
ASP ASP_Medium_Threat Improper_Locking Medium 184 184 184 184 184 184 184 184 184 184
ASP ASP_Medium_Threat Parameter_Tampering Medium 185 185 185 185 185 185 185 185 185 185 185 185 185 185
ASP ASP_Medium_Threat Path_Traversal Medium 180 180 180 180 180 180 180 180 180 180 180 180 180 180 180 180
ASP ASP_Medium_Threat Privacy_Violation Medium 186 186 186 186 186 186 186 186 186 186 186 186 186 186 186 186 186
ASP ASP_Medium_Threat Reflected_XSS_Specific_Clients Medium 187 187 187 187 187 187 187 187 187 187 187 187 187 187 187 187
ASP ASP_Medium_Threat SQL_Injection_Evasion_Attack Medium 188 188 188 188 188 188 188 188 188 188 188 188 188 188 188 188 188
ASP ASP_Medium_Threat Stored_Code_Injection Medium 189 189 189 189 189 189 189 189 189 189 189 189 189 189 189 189 189
ASP ASP_Medium_Threat Unclosed_Connection Medium
ASP ASP_Medium_Threat Untrusted_Activex Medium 192 192 192 192 192 192 192 192 192
ASP ASP_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 181 181 181 181 181 181 181 181 181 181 181 181 181 181 181 181 181
Cobol Cobol_Heuristic Possible_Module_Injection Information 6214 6214 6214 6214 6214
Cobol Cobol_High_Risk Command_Injection High 6185 6185 6185 6185 6185 6185 6185 6185 6185 6185 6185 6185 6185 6185
Cobol Cobol_High_Risk Module_Injection High 6186 6186 6186 6186 6186 6186 6186 6186
Cobol Cobol_High_Risk Reflected_XSS_All_Clients High 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187 6187
Cobol Cobol_High_Risk Resource_Injection High 6188 6188 6188 6188 6188 6188 6188 6188 6188 6188 6188 6188 6188 6188 6188
Cobol Cobol_High_Risk Sql_Injection High 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189 6189
Cobol Cobol_Low_Visibility Information_Leak_Through_Comments Low 6192 6192 6192 6192 6192 6192 6192 6192 6192 6192 6192
Cobol Cobol_Low_Visibility Use_Of_Hardcoded_Password Low 6193 6193 6193 6193 6193 6193 6193 6193 6193 6193 6193 6193 6193 6193 6193
Cobol Cobol_Medium_Threat Ignored_Error_Conditions Medium 6190 6190 6190 6190 6190 6190 6190 6190
Cobol Cobol_Medium_Threat Path_Traversal Medium 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191 6191
CPP CPP_Best_Coding_Practice Buffer_Size_Literal Information 3093 3093 3093 3093 3093
CPP CPP_Best_Coding_Practice Buffer_Size_Literal_Condition Information 3644 3644 3644 3644 3644 3644
CPP CPP_Best_Coding_Practice Buffer_Size_Literal_Overflow Information 3645 3645 3645 3645 3645 3645 3645
CPP CPP_Best_Coding_Practice Dead_Code Information
CPP CPP_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 206 206 206 206 206 206
CPP CPP_Best_Coding_Practice Detection_of_Error_Condition_Without_Action Information 203 203 203 203 203 203 203 203
CPP CPP_Best_Coding_Practice Empty_Methods Information 2083 2083 2083 2083 2083
CPP CPP_Best_Coding_Practice Exposure_of_Resource_to_Wrong_Sphere Information 1391 1391 1391 1391 1391 1391
CPP CPP_Best_Coding_Practice GOTO_Statement Information 210
CPP CPP_Best_Coding_Practice Hardcoded_Absolute_Path Information 303 303 303 303 303 303 303 303
CPP CPP_Best_Coding_Practice Magic_Numbers Information
CPP CPP_Best_Coding_Practice Methods_Without_ReturnType Information 1411
CPP CPP_Best_Coding_Practice Non_Private_Static_Constructors Information 205 205
CPP CPP_Best_Coding_Practice Reliance_On_Untrusted_Inputs_In_Security_Decision Information 3889 3889 3889 3889 3889 3889
CPP CPP_Best_Coding_Practice Unused_Variable Information 1561
CPP CPP_Best_Coding_Practice Unvalidated_Arguments_Of_Public_Methods Information 209
CPP CPP_Buffer_Overflow Buffer_Improper_Index_Access High 5592 5592 5592 5592 5592 5592 5592
CPP CPP_Buffer_Overflow Buffer_Overflow_AddressOfLocalVarReturned Medium 1412 1412 1412 1412 1412 1412 1412 1412 1412 1412 1412 1412 1412 1412 1412
CPP CPP_Buffer_Overflow Buffer_Overflow_boundcpy_WrongSizeParam Medium
CPP CPP_Buffer_Overflow Buffer_Overflow_boundedcpy High
CPP CPP_Buffer_Overflow Buffer_Overflow_boundedcpy2 Medium 212 212 212 212 212 212 212 212 212 212 212 212 212 212 212 212
CPP CPP_Buffer_Overflow Buffer_Overflow_cin High 213 213 213 213 213 213 213 213 213 213 213 213 213 213 213 213
CPP CPP_Buffer_Overflow Buffer_Overflow_cpycat High
CPP CPP_Buffer_Overflow Buffer_Overflow_fgets High
CPP CPP_Buffer_Overflow Buffer_Overflow_Indexes High
CPP CPP_Buffer_Overflow Buffer_Overflow_IndexFromInput High
CPP CPP_Buffer_Overflow Buffer_Overflow_LongString High 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201 1201
CPP CPP_Buffer_Overflow Buffer_Overflow_Loops Medium
CPP CPP_Buffer_Overflow Buffer_Overflow_Loops_Old Medium
CPP CPP_Buffer_Overflow Buffer_Overflow_LowBound High
CPP CPP_Buffer_Overflow Buffer_Overflow_OutOfBound High
CPP CPP_Buffer_Overflow Buffer_Overflow_scanf High
CPP CPP_Buffer_Overflow Buffer_Overflow_sizeof High
CPP CPP_Buffer_Overflow Buffer_Overflow_StrcpyStrcat High
CPP CPP_Buffer_Overflow Buffer_Overflow_unbounded High
CPP CPP_Buffer_Overflow Buffer_Overflow_Unbounded_Buffer High 5556 5556 5556 5556 5556 5556 5556 5556 5556
CPP CPP_Buffer_Overflow Buffer_Overflow_Unbounded_Format High 5587 5587 5587 5587 5587 5587 5587 5587 5587
CPP CPP_Buffer_Overflow Buffer_Overflow_Wrong_Buffer_Size High 5593 5593 5593 5593 5593 5593
CPP CPP_Buffer_Overflow Format_String_Attack High 220 220 220 220 220 220 220 220 220 220 220 220 220 220 220 220 220
CPP CPP_Buffer_Overflow Improper_Null_Termination High 5578 5578 5578 5578 5578 5578 5578 5578
CPP CPP_Buffer_Overflow Missing_Precision Medium
CPP CPP_Buffer_Overflow MultiByte_String_Length Medium 221 221 221 221 221 221 221 221 221 221 221
CPP CPP_Buffer_Overflow Off_by_One_Error High 5451 5451 5451 5451 5451 5451 5451 5451 5451
CPP CPP_Buffer_Overflow Off_by_One_Error_in_Arrays High
CPP CPP_Buffer_Overflow Off_by_One_Error_in_Loops Medium
CPP CPP_Buffer_Overflow Off_by_One_Error_in_Methods Medium
CPP CPP_Buffer_Overflow Open_SSL_HeartBleed High 3092 3092 3092 3092 3092 3092 3092 3092 3092 3092 3092 3092 3092 3092
CPP CPP_Buffer_Overflow Potential_Precision_Problem Low
CPP CPP_Buffer_Overflow String_Termination_cin High
CPP CPP_Buffer_Overflow String_Termination_Error High
CPP CPP_Heuristic Freed_Pointer_Not_Set_To_Null Low
CPP CPP_Heuristic Heuristic_2nd_Order_Buffer_Overflow_malloc Low 271 271 271 271 271 271 271 271 271 271 271 271 271 271
CPP CPP_Heuristic Heuristic_2nd_Order_Buffer_Overflow_read Low 272 272 272 272 272 272 272 272 272 272 272 272 272 272
CPP CPP_Heuristic Heuristic_2nd_Order_SQL_Injection Low 273 273 273 273 273 273 273 273 273 273 273 273 273 273
CPP CPP_Heuristic Heuristic_Buffer_Improper_Index_Access Low 5607 5607 5607 5607 5607
CPP CPP_Heuristic Heuristic_Buffer_Overflow_malloc Low 274 274 274 274 274 274 274 274 274 274 274 274 274 274
CPP CPP_Heuristic Heuristic_Buffer_Overflow_read Low 275 275 275 275 275 275 275 275 275 275 275 275 275 275
CPP CPP_Heuristic Heuristic_CGI_Stored_XSS Low 276 276 276 276 276 276 276 276 276 276 276 276 276 276
CPP CPP_Heuristic Heuristic_DB_Parameter_Tampering Low 277 277 277 277 277 277 277 277 277 277 277 277 277 277
CPP CPP_Heuristic Heuristic_NULL_Pointer_Dereference1 Low
CPP CPP_Heuristic Heuristic_NULL_Pointer_Dereference2 Low
CPP CPP_Heuristic Heuristic_Parameter_Tampering Low 280 280 280 280 280 280 280 280 280 280 280
CPP CPP_Heuristic Heuristic_SQL_Injection Low 281 281 281 281 281 281 281 281 281 281 281 281 281 281
CPP CPP_Heuristic Heuristic_Unchecked_Return_Value Low
CPP CPP_Heuristic Potential_Off_by_One_Error_in_Loops Low
CPP CPP_High_Risk CGI_Reflected_XSS High 283 283 283 283 283 283 283 283 283 283 283 283 283 283 283 283
CPP CPP_High_Risk CGI_Stored_XSS High 284 284 284 284 284 284 284 284 284 284 284 284 284 284 284 284
CPP CPP_High_Risk Command_Injection High 285 285 285 285 285 285 285 285 285 285 285 285 285 285 285
CPP CPP_High_Risk Connection_String_Injection High 286 286 286 286 286 286 286 286 286 286 286 286 286 286 286 286
CPP CPP_High_Risk LDAP_Injection High 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022 4022
CPP CPP_High_Risk Process_Control High 287 287 287 287 287 287 287 287 287 287 287 287 287 287 287
CPP CPP_High_Risk Resource_Injection High 288 288 288 288 288 288 288 288 288 288 288 288 288 288 288 288
CPP CPP_High_Risk SQL_Injection High 289 289 289 289 289 289 289 289 289 289 289 289 289 289 289 289 289 289
CPP CPP_Insecure_Credential_Storage Comparison_Timing_Attack Medium 5518 5518 5518 5518 5518 5518 5518 5518 5518
CPP CPP_Insecure_Credential_Storage Insecure_Scrypt_Parameters Medium 5471 5471 5471 5471 5471 5471 5471 5471 5471 5471 5471 5471 5471
CPP CPP_Insecure_Credential_Storage Insufficient_BCrypt_Cost Medium 5510 5510 5510 5510 5510 5510 5510 5510 5510 5510 5510 5510 5510
CPP CPP_Insecure_Credential_Storage Insufficient_Output_Length Medium 5520 5520 5520 5520 5520 5520 5520 5520 5520 5520 5520 5520 5520
CPP CPP_Insecure_Credential_Storage PBKDF2_Insufficient_Iteration_Count Medium 5489 5489 5489 5489 5489 5489 5489 5489 5489 5489 5489 5489 5489 5489
CPP CPP_Insecure_Credential_Storage PBKDF2_Weak_Salt_Value Medium 5503 5503 5503 5503 5503 5503 5503 5503 5503 5503 5503 5503 5503 5503
CPP CPP_Insecure_Credential_Storage Scrypt_Weak_Salt_Value Medium 5480 5480 5480 5480 5480 5480 5480 5480 5480 5480 5480 5480 5480
CPP CPP_Insecure_Credential_Storage Weak_Mechanism Medium 5484 5484 5484 5484 5484 5484 5484 5484 5484 5484 5484 5484
CPP CPP_Integer_Overflow Boolean_Overflow Medium
CPP CPP_Integer_Overflow Char_Overflow Medium
CPP CPP_Integer_Overflow Float_Overflow Medium 292 292 292 292 292 292 292 292 292 292 292 292 292 292 292 292
CPP CPP_Integer_Overflow Get_Right_Assignment Information
CPP CPP_Integer_Overflow Integer_Overflow Medium 294 294 294 294 294 294 294 294 294 294 294 294 294 294 294 294
CPP CPP_Integer_Overflow Long_Overflow Medium
CPP CPP_Integer_Overflow Short_Overflow Medium
CPP CPP_Integer_Overflow Type_Conversion_Error Medium 5562 5562 5562 5562 5562 5562 5562 5562 5562 5562 5562 5562 5562
CPP CPP_Integer_Overflow Wrong_Size_t_Allocation Medium
CPP CPP_Low_Visibility Arithmetic_Operation_On_Boolean Low 297 297 297 297 297 297 297 297
CPP CPP_Low_Visibility Blind_SQL_Injections Low 298 298 298 298 298 298 298 298 298 298 298 298 298 298
CPP CPP_Low_Visibility Creation_of_chroot_Jail_without_Changing_Working_Directory Low 4070 4070 4070 4070 4070 4070 4070 4070 4070
CPP CPP_Low_Visibility Deprecated_CRT_Functions_VS2005 Low
CPP CPP_Low_Visibility Exposure_of_System_Data_to_Unauthorized_Control_Sphere Low 4016 4016 4016 4016 4016 4016 4016 4016 4016 4016 4016
CPP CPP_Low_Visibility Heap_Inspection Low 324 324 324 324 324 324 324 324 324 324 324 324 324 324
CPP CPP_Low_Visibility Improper_Exception_Handling Low 305 305 305 305 305 305 305 305 305 305 305
CPP CPP_Low_Visibility Improper_Resource_Access_Authorization Low 3892 3892 3892 3892 3892 3892 3892 3892 3892 3892 3892 3892 3892 3892
CPP CPP_Low_Visibility Improper_Resource_Shutdown_or_Release Low 302 302 302 302 302 302 302 302 302 302
CPP CPP_Low_Visibility Improper_Transaction_Handling Low 306 306 306 306 306
CPP CPP_Low_Visibility Inconsistent_Implementations Low 1210 1210 1210 1210 1210
CPP CPP_Low_Visibility Incorrect_Permission_Assignment_For_Critical_Resources Low 3895 3895 3895 3895 3895 3895 3895 3895 3895 3895 3895 3895 3895
CPP CPP_Low_Visibility Information_Exposure_Through_an_Error_Message Low 315 315 315 315 315 315 315 315 315 315 315 315 315 315 315
CPP CPP_Low_Visibility Information_Exposure_Through_Comments Low 4019 4019 4019 4019 4019 4019 4019 4019 4019 4019 4019
CPP CPP_Low_Visibility Insecure_Temporary_File Low 307 307 307 307 307 307 307 307
CPP CPP_Low_Visibility Insufficiently_Protected_Credentials Low 311 311 311 311 311 311 311 311 311 311 311 311 311
CPP CPP_Low_Visibility Leaving_Temporary_Files Low 308 308 308 308 308 308 308
CPP CPP_Low_Visibility Leftover_Debug_Code Low
CPP CPP_Low_Visibility Log_Forging Low 310 310 310 310 310 310 310 310 310 310 310 310 310
CPP CPP_Low_Visibility NULL_Pointer_Dereference Low 2441 2441 2441 2441 2441 2441 2441 2441 2441 2441 2441 2441
CPP CPP_Low_Visibility Potential_Path_Traversal Low
CPP CPP_Low_Visibility Privacy_Violation Low 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213 1213
CPP CPP_Low_Visibility Reliance_on_DNS_Lookups_in_a_Decision Low 2124 2124 2124 2124 2124 2124 2124 2124 2124 2124 2124
CPP CPP_Low_Visibility Sizeof_Pointer_Argument Low
CPP CPP_Low_Visibility Stored_Blind_SQL_Injections Low 313 313 313 313 313 313 313 313 313 313 313 313 313
CPP CPP_Low_Visibility TOCTOU Low 4017 4017 4017 4017 4017 4017 4017
CPP CPP_Low_Visibility Unchecked_Array_Index Low 314 314 314 314 314 314 314 314
CPP CPP_Low_Visibility Unchecked_Return_Value Low 1214 1214 1214 1214 1214 1214 1214 1214
CPP CPP_Low_Visibility Undefined_Behavior Low 1562 1562 1562 1562
CPP CPP_Low_Visibility Unreleased_Resource_Leak Low 1563 1563 1563 1563 1563 1563
CPP CPP_Low_Visibility Use_Of_Deprecated_Class Low 2708 2708 2708 2708 2708 2708 2708
CPP CPP_Low_Visibility Use_Of_Hardcoded_Password Low 304 304 304 304 304 304 304 304 304 304 304 304 304 304 304 304
CPP CPP_Low_Visibility Use_of_Insufficiently_Random_Values Low 1211 1211 1211 1211 1211 1211 1211 1211 1211 1211 1211 1211 1211 1211 1211
CPP CPP_Low_Visibility Use_of_Obsolete_Functions Low 300 300 300 300 300 300 300
CPP CPP_Low_Visibility Use_of_Sizeof_On_a_Pointer_Type Low 1215 1215 1215 1215 1215 1215
CPP CPP_Medium_Threat Cleartext_Transmission_Of_Sensitive_Information Medium 4026 4026 4026 4026 4026 4026 4026 4026 4026 4026 4026 4026
CPP CPP_Medium_Threat Dangerous_Functions Medium 316 316 316 316 316 316 316 316 316 316
CPP CPP_Medium_Threat DB_Parameter_Tampering Medium 317 317 317 317 317 317 317 317 317 317 317 317 317 317 317 317 317
CPP CPP_Medium_Threat Divide_By_Zero Medium 1216 1216 1216 1216 1216 1216 1216 1216 1216
CPP CPP_Medium_Threat DoS_by_Sleep Medium 318 318 318 318 318 318 318 318 318 318 318 318 318 318
CPP CPP_Medium_Threat Double_Free Medium 319 319 319 319 319 319 319 319 319 319 319
CPP CPP_Medium_Threat Download_of_Code_Without_Integrity_Check Medium 3898 3898 3898 3898 3898 3898 3898 3898 3898 3898 3898 3898 3898
CPP CPP_Medium_Threat Environment_Injection Medium 320 320 320 320 320 320 320 320 320 320 320 320 320
CPP CPP_Medium_Threat Hardcoded_password_in_Connection_String Medium 323 323 323 323 323 323 323 323 323 323 323
CPP CPP_Medium_Threat Improperly_Locked_Memory Medium 325 325 325 325 325 325 325 325 325 325
CPP CPP_Medium_Threat Inadequate_Encryption_Strength Medium 3880 3880 3880 3880 3880 3880 3880 3880 3880 3880 3880 3880 3880 3880
CPP CPP_Medium_Threat Inadequate_Pointer_Validation Medium 1564 1564 1564 1564 1564 1564 1564 1564
CPP CPP_Medium_Threat Memory_Leak Medium 326 326 326 326 326 326 326 326 326 326
CPP CPP_Medium_Threat MemoryFree_on_StackVariable Medium 1565 1565 1565 1565 1565 1565 1565 1565
CPP CPP_Medium_Threat Parameter_Tampering Medium 327 327 327 327 327 327 327 327 327 327 327 327 327 327
CPP CPP_Medium_Threat Path_Traversal Medium 321 321 321 321 321 321 321 321 321 321 321 321 321 321 321 321
CPP CPP_Medium_Threat Plaintext_Storage_Of_A_Password Medium 4030 4030 4030 4030 4030 4030 4030 4030 4030 4030 4030 4030 4030 4030 4030
CPP CPP_Medium_Threat Pointer_Subtraction_Determines_Size Medium 7556 7556 7556 7556
CPP CPP_Medium_Threat Setting_Manipulation Medium 328 328 328 328 328 328 328 328 328 328 328
CPP CPP_Medium_Threat Uncontrolled_Recursion Medium 3899 3899 3899 3899 3899 3899
CPP CPP_Medium_Threat Use_After_Free Medium 330 330 330 330 330 330 330 330 330 330 330 330 330 330 330
CPP CPP_Medium_Threat Use_of_a_One_Way_Hash_without_a_Salt Medium 3893 3893 3893 3893 3893 3893 3893 3893 3893 3893 3893 3893 3893 3893 3893
CPP CPP_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 322 322 322 322 322 322 322 322 322 322 322 322 322 322 322 322 322
CPP CPP_Medium_Threat Use_of_Uninitialized_Pointer Medium
CPP CPP_Medium_Threat Use_of_Uninitialized_Variable Medium 332 332 332 332 332 332 332 332 332 332 332 332 332
CPP CPP_Medium_Threat Use_of_Zero_Initialized_Pointer Medium
CPP CPP_Medium_Threat Wrong_Memory_Allocation Medium 334 334 334 334 334 334 334 334 334 334
CPP CPP_MISRA_C R02_02_CPP_Comment_Style Information 1812
CPP CPP_MISRA_C R02_03_Nested_Comments Information 1813
CPP CPP_MISRA_C R02_04_Code_Commented_Out Information 1814
CPP CPP_MISRA_C R03_04_Not_Explained_Pragma_Usage Information 1815
CPP CPP_MISRA_C R04_01_Non_ISO_Escape_Sequences Information 1816
CPP CPP_MISRA_C R04_02_Trigraphs Information 1817
CPP CPP_MISRA_C R05_01_Identifiers_Length_Violation Information 1818
CPP CPP_MISRA_C R05_02_Identifiers_Hiding_Outer_Scope_Identifiers Information 1819
CPP CPP_MISRA_C R05_03_Typedef_Name_Reused Information 1820
CPP CPP_MISRA_C R05_04_Tag_Name_Reused Information 1821
CPP CPP_MISRA_C R05_05_Identifier_With_Static_Storage_Reused Information 1822
CPP CPP_MISRA_C R05_07_Identifier_Name_Reused Information 1823
CPP CPP_MISRA_C R06_01_Plain_Char_Type_Usage Information 1824 1824
CPP CPP_MISRA_C R06_02_Not_Plain_Char_Type_Usage Information 1825
CPP CPP_MISRA_C R06_03_Non_Typedefd_Basic_Types Information 1826
CPP CPP_MISRA_C R06_04_Bit_Fields_Type Information 1827
CPP CPP_MISRA_C R06_05_Bit_Fields_Length Information 1828
CPP CPP_MISRA_C R07_01_Non_Zero_Octal_Constant Information 1829
CPP CPP_MISRA_C R08_03_Identical_Function_Decl_Def Information 1830
CPP CPP_MISRA_C R08_05_Object_Function_In_Header_File Information 1831
CPP CPP_MISRA_C R08_07_Block_Scope_Obj_If_Used_By_Single_Function Information 1832
CPP CPP_MISRA_C R08_08_External_Objects_Declared_Once Information 1833
CPP CPP_MISRA_C R09_03_Initializing_Non_First_And_Not_All_Members_In_Enum Information 1834
CPP CPP_MISRA_C R10_06_U_Suffix_Not_Applied_To_Unsigned_Const Information 1835
CPP CPP_MISRA_C R12_05_AND_OR_Operands_Not_As_Primary_Expressions Information 1836
CPP CPP_MISRA_C R12_07_Bitwise_Operator_On_Signed_Type Information 1837
CPP CPP_MISRA_C R12_09_Unary_Minus_Operator_On_Unsigned_Type Information 1838
CPP CPP_MISRA_C R12_10_Comma_Operator_Used Information 1839
CPP CPP_MISRA_C R12_12_Floating_Point_Bit_Underlying_Representation_Used Information 1840
CPP CPP_MISRA_C R12_13_Using_Of_Incremental_And_Decrimental_Operators Information 1841
CPP CPP_MISRA_C R13_01_Assignment_Operators_In_Boolean_Expressions Information 1842
CPP CPP_MISRA_C R13_03_Floating_Point_Equality_Or_Inequality Information 1843
CPP CPP_MISRA_C R13_04_Floating_Points_Objects_In_For_Control Information 1844
CPP CPP_MISRA_C R13_06_Loop_Iterator_Modified_In_Loop_Body Information 1845
CPP CPP_MISRA_C R14_04_Use_Of_Goto Information 1846
CPP CPP_MISRA_C R14_05_Use_Of_Continue Information 1847
CPP CPP_MISRA_C R14_06_Multiple_Breaks_In_Iteration_Statement Information 1848
CPP CPP_MISRA_C R14_07_Single_Point_Exit_At_Function_End Information 1849
CPP CPP_MISRA_C R14_08_Not_Compound_Switch_Or_Iteration_Statement Information 1850
CPP CPP_MISRA_C R14_09_Not_Compound_If_Or_Else Information 1851
CPP CPP_MISRA_C R14_10_If_Else_If_Not_Ending_With_Else Information 1852
CPP CPP_MISRA_C R15_01_Case_Not_Enclosed_By_Compound_Switch Information 1853
CPP CPP_MISRA_C R15_02_Non_Empty_Switch_Clause_Without_Break Information 1854
CPP CPP_MISRA_C R15_03_Non_Default_Final_Clause_In_Switch_Statement Information 1855
CPP CPP_MISRA_C R15_05_No_Cases_in_Switch_Statement Information 1856
CPP CPP_MISRA_C R16_01_Function_With_Variable_Number_Of_Arguments Information 1857
CPP CPP_MISRA_C R16_02_Recursion_Exists Information 1858
CPP CPP_MISRA_C R16_03_Function_Prototype_Without_Identifiers Information 1859
CPP CPP_MISRA_C R16_04_Different_Identifiers_In_Function_Definition_And_Prototype Information 1860
CPP CPP_MISRA_C R16_05_Function_Prototype_Declaration_Without_Parameters Information 1861
CPP CPP_MISRA_C R16_06_Function_Invoke_Arg_Number_Not_Match_Function_Def_Number Information 1862 1862
CPP CPP_MISRA_C R16_07_Parameter_Pointer_To_Const_Where_Not_Modified Information 1863
CPP CPP_MISRA_C R16_08_Non_Explicit_Return_Statement_In_Non_Void_Function Information 1864
Checkmarx VULNERABILITY QUERIES PER PRESET v9.6.2
CPP CPP_MISRA_C R16_09_Using_Function_Identifier_Not_Call_Or_Pointer Information 1865
CPP CPP_MISRA_C R18_04_Use_Of_Union Information 1866
CPP CPP_MISRA_C R19_01_Non_Prepocessor_Command_Before_Include_In_File Information 1867
CPP CPP_MISRA_C R19_02_Non_Standard_Chars_In_Header_File_Name Information 1868
CPP CPP_MISRA_C R19_03_Include_Directive_In_Wrong_Format Information 1869
CPP CPP_MISRA_C R19_05_Using_Define_Or_Undef_Directive_In_Block Information 1870
CPP CPP_MISRA_C R19_06_Use_Of_Undef_Derective Information 1871
CPP CPP_MISRA_C R19_12_Multiple_Pound_Or_Double_Pound_In_Same_Macro Information 1872
CPP CPP_MISRA_C R19_13_Pound_Preprocessor_Operator_Is_Used Information 1873
CPP CPP_MISRA_C R19_17_Preprocessor_If_And_Else_Operators_Reside_In_Different_Files Information 1874
CPP CPP_MISRA_C R20_05_Using_Errno_Indicator_From_Errno_H Information 1875
CPP CPP_MISRA_C R20_06_Using_Offsetof_Macro_From_Stddef_H Information 1876
CPP CPP_MISRA_C R20_07_Using_Setjmp_Longjmp_Macros_From_Setjmp_H Information 1877
CPP CPP_MISRA_C R20_08_Using_Signal_Handling_From_Signal_H Information 1878
CPP CPP_MISRA_C R20_09_Using_Input_Output_From_Stdio_H Information 1879
CPP CPP_MISRA_C R20_10_Using_Atof_Atoi_Atol_Functions_From_Stdlib_H Information 1880
CPP CPP_MISRA_C R20_11_Using_Abort_Exit_Getenv_System_Functions_From_Stdlib_H Information 1881
CPP CPP_MISRA_C R20_12_Using_Time_Handling_From_Time_H Information 1882
CPP CPP_MISRA_C_2012 R01_04_Emergent_Features_Shall_Not_Be_Used Information 7285 7285
CPP CPP_MISRA_C_2012 R02_X_Unused_Code Information 7283 7283
CPP CPP_MISRA_C_2012 R03_X_Comments Information 7209 7209
CPP CPP_MISRA_C_2012 R04_X_Character_Sets Information 7203 7203
CPP CPP_MISRA_C_2012 R05_X_Identifiers Information 7047 7047
CPP CPP_MISRA_C_2012 R06_X_Bitfields Information 7121 7121
CPP CPP_MISRA_C_2012 R07_01_Octal_Constans_Shall_Not_Be_Used Information 7058 7058
CPP CPP_MISRA_C_2012 R07_02_U_Or_u_Suffix_Shall_Be_Applied_To_All_Unsigned_Type_Integers Information 7059 7059
CPP CPP_MISRA_C_2012 R07_03_Lowercase_l_Shall_Not_Be_Used_In_A_Literal_Suffix Information 7060 7060
CPP CPP_MISRA_C_2012 R07_04_String_Literal_Should_Be_Assigned_To_Pointer_To_Const_Char Information 7122 7122
CPP CPP_MISRA_C_2012 R08_02_Function_Prototype_With_Named_Parameters Information 7123 7123
CPP CPP_MISRA_C_2012 R08_03_Functions_Have_Same_Name Information 7124 7124
CPP CPP_MISRA_C_2012 R08_04_Compatible_Declaration_Shall_Be_Visible Information 7125 7125
CPP CPP_MISRA_C_2012 R08_05_External_Objects_Shall_Be_Declared_Once Information 7126 7126
CPP CPP_MISRA_C_2012 R08_06_Single_External_Definition_Per_External_Identifier Information 7129 7129
CPP CPP_MISRA_C_2012 R08_07_Function_And_Objects_Should_Not_Use_Extern_When_Referenced_In_One_File Information 7130 7130
CPP CPP_MISRA_C_2012 R08_08_Static_Shall_Be_Used_In_All_Internal_Linkage_Declarations Information 7131 7131
CPP CPP_MISRA_C_2012 R08_09_Identifiers_Should_Be_Defined_At_Block_Scope Information 7134
CPP CPP_MISRA_C_2012 R08_10_Inline_Function_Shall_Be_Declared_With_Static Information 7135 7135
CPP CPP_MISRA_C_2012 R08_11_Extern_Array_Shall_Be_Declared_With_Determined_Size Information 7139
CPP CPP_MISRA_C_2012 R08_12_Value_Implicitly_Specified_Of_Enumeration_Constant_Shall_Be_Unique Information 7140
CPP CPP_MISRA_C_2012 R08_13_Pointer_Should_Point_Const Information 7172 7172
CPP CPP_MISRA_C_2012 R08_14_Restrict_Type_Qualifier Information 7170 7170
CPP CPP_MISRA_C_2012 R09_01_Value_Not_Read_Before_Being_Set Information 7171 7171
CPP CPP_MISRA_C_2012 R09_02_to_03_Array_Initializer_Validation Information 7169 7169
CPP CPP_MISRA_C_2012 R10_01_Operands_Shall_Not_Be_Of_An_Inappropriate_Essential_Type Information 7173 7173
CPP CPP_MISRA_C_2012 R10_02_Char_Type_Shall_Not_Be_Used_Inappropriately_In_Operations Information 7176 7176
CPP CPP_MISRA_C_2012 R10_03_Value_Of_An_Expression_Assigned_To_Inappropriate_Essential_Type Information 7180 7180
CPP CPP_MISRA_C_2012 R10_04_Binary_Operator_Operands_With_Same_Type Information 7183 7183
CPP CPP_MISRA_C_2012 R10_05_Value_Of_An_Expression_Cast_To_Inappropriate_Essential_Type Information 7186 7186
CPP CPP_MISRA_C_2012 R10_06_to_08_Composite_Expressions Information 7277 7277
CPP CPP_MISRA_C_2012 R11_X_Pointer_Type_Conversions Information 7181 7181
CPP CPP_MISRA_C_2012 R12_01_Explicit_Operator_Precedence Information 7280 7280
CPP CPP_MISRA_C_2012 R12_02_Right_Operand_Of_Shift_Operator_Out_Of_Range Information 7282 7282
CPP CPP_MISRA_C_2012 R12_03_Comma_Operator_Shall_Not_Be_Used Information 7185 7185
CPP CPP_MISRA_C_2012 R12_04_Unsigned_Integer_Wrap_Around Information 7279 7279
CPP CPP_MISRA_C_2012 R12_05_Sizeof_Operand_Not_Array_Of_Type Information 7197 7197
CPP CPP_MISRA_C_2012 R13_X_Side_Effects Information 7206 7206
CPP CPP_MISRA_C_2012 R14_X_Control_Statement_Expressions Information 7202 7202
CPP CPP_MISRA_C_2012 R15_01_to_03_Goto_Usage_Constraints Information 7178 7178
CPP CPP_MISRA_C_2012 R15_04_Iteration_Single_Exit_Point Information 7179 7179
CPP CPP_MISRA_C_2012 R15_05_Function_Single_Exit_Point Information 7182 7182
CPP CPP_MISRA_C_2012 R15_06_Statement_Body_Shall_Be_Compound Information 7205 7205
CPP CPP_MISRA_C_2012 R15_07_If_Else_If_Constructs_Not_Ending_With_Else Information 7189 7189
CPP CPP_MISRA_C_2012 R16_X_Switches Information 7201 7201
CPP CPP_MISRA_C_2012 R17_01_StdArg_Shall_Not_Be_Used Information 7188 7188
CPP CPP_MISRA_C_2012 R17_02_No_Recursion Information 7190 7190
CPP CPP_MISRA_C_2012 R17_03_Function_Shall_Not_Be_Declared_Implicitly Information 7193 7193
CPP CPP_MISRA_C_2012 R17_04_Non_Void_Has_Valid_Return Information 7192 7192
CPP CPP_MISRA_C_2012 R17_05_to_06_Functions_With_Array_Parameter Information 7288 7288
CPP CPP_MISRA_C_2012 R17_07_Value_Returned_By_Non_Void_Function_Shall_Be_Used Information 7373 7373
CPP CPP_MISRA_C_2012 R17_08_Function_Parameter_Should_Not_Be_Modified Information 7375 7375
CPP CPP_MISRA_C_2012 R18_04_Pointer_Arithmetic Information 7289 7289
CPP CPP_MISRA_C_2012 R18_05_Pointer_Nesting Information 7374 7374
CPP CPP_MISRA_C_2012 R18_06_Automatic_Storage_Addresses_Shall_Not_Be_Copied Information 7377 7377
CPP CPP_MISRA_C_2012 R18_07_to_08_Variable_Length_And_Flexible_Arrays Information 7378 7378
CPP CPP_MISRA_C_2012 R19_X_Overlapping_Storage Information 7191
CPP CPP_MISRA_C_2012 R20_01_Include_Directive_Precedence Information 7195 7195
CPP CPP_MISRA_C_2012 R20_02_Invalid_Include_Names Information 7194 7194
CPP CPP_MISRA_C_2012 R20_03_Includes_In_Wrong_Format Information 7196 7196
CPP CPP_MISRA_C_2012 R20_04_Macros_With_Keyword_Name Information 7385 7385
CPP CPP_MISRA_C_2012 R20_05_Undef_Shall_Not_Be_Used Information 7199 7199
CPP CPP_MISRA_C_2012 R20_10_to_12_Preprocessor_Concatenation_Operations Information 7275 7275
CPP CPP_MISRA_C_2012 R20_13_Valid_PreProcessor_Directives Information 7376 7376
CPP CPP_MISRA_C_2012 R20_14_Preprocessor_IF_Else_In_Same_File Information 7278 7278
CPP CPP_MISRA_C_2012 R21_01_to_12_Usage_of_C_Standard_Library Information 7281 7281
CPP CPP_MISRA_C_2012 R21_13_to_20_C_Standard_Library_Types Information 7276 7276
CPP CPP_MISRA_C_2012 R22_X_Resources Information 7379 7379
CPP CPP_MISRA_CPP R00_01_03_Find_Unused_Variables Information 1883
CPP CPP_MISRA_CPP R00_01_05_Find_Unused_Typedefs Information 1884
CPP CPP_MISRA_CPP R00_01_10_Find_Unused_Defined_Functions Information 1885
CPP CPP_MISRA_CPP R00_01_11_Find_Unused_Parameters Information 1886
CPP CPP_MISRA_CPP R00_01_12_Find_Virtual_Unused_Parameters Information 1887
CPP CPP_MISRA_CPP R02_03_01_Trigraphs Information 2227
CPP CPP_MISRA_CPP R02_05_01_Digraphs Information 1921
CPP CPP_MISRA_CPP R02_07_02_Code_Commented_Out Information 2228
CPP CPP_MISRA_CPP R02_07_03_Code_CPP_Commented_Out Information 2229
CPP CPP_MISRA_CPP R02_10_02_Identifiers_Hide_Outer_Scope_Identifiers Information 2230
CPP CPP_MISRA_CPP R02_10_03_Typedef_Name_Reused Information 2231
CPP CPP_MISRA_CPP R02_10_04_Class_Enum_Union_Names_Reused Information 2232
CPP CPP_MISRA_CPP R02_10_05_Non_Member_Static_Name_Reuse Information 1922
CPP CPP_MISRA_CPP R02_13_01_Non_ISO_Escapes Information 1888
CPP CPP_MISRA_CPP R02_13_02_Non_Zero_Octal_Constant Information 2233
CPP CPP_MISRA_CPP R02_13_03_U_Suffix_Not_Applied_To_Unsigned_Hex_Oct Information 2234
CPP CPP_MISRA_CPP R02_13_04_Literal_Suffix_Uppercase Information 1889
CPP CPP_MISRA_CPP R03_01_03_Find_Arrays_Without_Size Information 1890
CPP CPP_MISRA_CPP R03_02_01_Identical_Function_and_Object_Decl_Def Information 1891
CPP CPP_MISRA_CPP R03_04_01_Obj_Defined_Outside_Minimal_Scope Information 1892
CPP CPP_MISRA_CPP R03_09_02_Non_Typedef_Basic_Types Information 2235
CPP CPP_MISRA_CPP R04_10_01_NULL_As_An_Integer_Value Information 1893
CPP CPP_MISRA_CPP R04_10_02_Literal_Zero_As_Null_Pointer_Constant Information 1894
CPP CPP_MISRA_CPP R05_00_07_Improper_Explicit_Floating_Integral_Conversion_Of_Expression Information 2236
CPP CPP_MISRA_CPP R05_00_10_Bitwise_Operator_On_Unsigned_Char_Short_Types Information 2237
CPP CPP_MISRA_CPP R05_00_11_Plain_Char_Type_Usage Information 2238
CPP CPP_MISRA_CPP R05_00_12_Not_Plain_Char_Type_Usage Information 2239
CPP CPP_MISRA_CPP R05_00_21_Bitwise_Operator_On_Signed_Type Information 2240
CPP CPP_MISRA_CPP R05_02_01_AND_OR_Operands_Not_As_Postfix_Expressions Information 2241
CPP CPP_MISRA_CPP R05_02_10_Using_Of_Incremental_And_Decrimental_Operators Information 2242
CPP CPP_MISRA_CPP R05_02_11_Find_Special_Operator_Overloads Information 1895
CPP CPP_MISRA_CPP R05_03_02_Unary_Minus_Operator_On_Unsigned_Type Information 2243
CPP CPP_MISRA_CPP R05_03_03_Overloading_Reference_Oper Information 1923
CPP CPP_MISRA_CPP R05_18_01_Comma_Operator_Used Information 2244
CPP CPP_MISRA_CPP R06_02_01_Assignment_in_Sub_Expr Information 1924
CPP CPP_MISRA_CPP R06_02_02_FloatingPt_Equality_Inequality_Testing Information 1925
CPP CPP_MISRA_CPP R06_03_01_Not_Compound_Switch_Or_Iteration_Statement Information 2245
CPP CPP_MISRA_CPP R06_04_01_Not_Compound_If_Or_Else Information 2246
CPP CPP_MISRA_CPP R06_04_02_If_Else_If_Not_Ending_With_Else Information 2247
CPP CPP_MISRA_CPP R06_04_04_Case_Not_Enclosed_By_Compound_Switch Information 2248
CPP CPP_MISRA_CPP R06_04_05_Non_Empty_Switch_Clause_Without_Break_or_Throw Information 1896
CPP CPP_MISRA_CPP R06_04_06_Non_Default_Final_Clause_In_Switch_Statement Information 1897
CPP CPP_MISRA_CPP R06_04_07_Find_Switch_Condition_Bool Information 1898
CPP CPP_MISRA_CPP R06_05_01_Single_Non_Float_LC Information 1964
CPP CPP_MISRA_CPP R06_05_02_Loop_Counter_Modify Information 1926
CPP CPP_MISRA_CPP R06_05_03_Change_Lc_In_St_And_Cond Information 1927
CPP CPP_MISRA_CPP R06_05_04_Incremental_Modified Information 1928
CPP CPP_MISRA_CPP R06_05_05_Lcv_Change_In_For_Stmt Information 1929
CPP CPP_MISRA_CPP R06_05_06_Bool_Lcv_Change Information 1930
CPP CPP_MISRA_CPP R06_06_02_Backward_Use_Of_Goto Information 1899
CPP CPP_MISRA_CPP R06_06_03_Continue_In_Legal_For Information 1931
CPP CPP_MISRA_CPP R06_06_04_One_GoTo_Break_In_Iteration Information 1932
CPP CPP_MISRA_CPP R06_06_05_Single_Point_Exit_At_Function_End Information 2249
CPP CPP_MISRA_CPP R07_01_01_Declare_Const_if_not_Modified Information 1900
CPP CPP_MISRA_CPP R07_01_02_Declare_Ref_Const_if_not_Modified Information 1901
CPP CPP_MISRA_CPP R07_03_01_Definitions_in_Global_Namespace Information 1902
CPP CPP_MISRA_CPP R07_03_02_Find_non_Global_Mains Information 1903
CPP CPP_MISRA_CPP R07_03_03_Unnamed_NS_in_Headers Information 1904
CPP CPP_MISRA_CPP R07_03_04_Find_Using_Directives Information 1905
CPP CPP_MISRA_CPP R07_03_05_Multiple_Declarations_After_Using Information 1906
CPP CPP_MISRA_CPP R07_03_06_Find_Using_in_Headers Information 1907
CPP CPP_MISRA_CPP R07_05_02_Address_Assignment_out_of_Scope Information 1908
CPP CPP_MISRA_CPP R07_05_03_Return_Parameter_Passed_by_Ref Information 1909
CPP CPP_MISRA_CPP R07_05_04_Recursion_Exists Information 2250
CPP CPP_MISRA_CPP R08_00_01_Find_Multiple_Declarators Information 1910
CPP CPP_MISRA_CPP R08_04_01_Function_With_Variable_Number_Of_Arguments Information 2251
CPP CPP_MISRA_CPP R08_04_03_Explicit_Return_Throw Information 1933
CPP CPP_MISRA_CPP R08_05_01_Uninitialized_Variable_Use Information 1934
CPP CPP_MISRA_CPP R09_05_01_Use_Of_Union Information 2252
CPP CPP_MISRA_CPP R09_06_02_bool_Unsigned_Signed_Bit_Field Information 1935
CPP CPP_MISRA_CPP R09_06_03_Enum_Bit_Fields Information 1936
CPP CPP_MISRA_CPP R09_06_04_Bit_Fields_Length Information 2253
CPP CPP_MISRA_CPP R10_01_01_Find_Virtual_Base_Classes Information 1911
CPP CPP_MISRA_CPP R10_03_02_Find_Override_Without_Virtual Information 1912
CPP CPP_MISRA_CPP R10_03_03_Redeclare_Function_as_Pure Information 1913
CPP CPP_MISRA_CPP R12_01_03_Find_non_Explicit_Constructor Information 1914
CPP CPP_MISRA_CPP R15_00_02_Throw_Pointers Information 1937
CPP CPP_MISRA_CPP R15_00_03_Goto_Label_Inside_TryCatch Information 1938
CPP CPP_MISRA_CPP R15_01_02_No_Explicit_Null_Throw Information 1939
CPP CPP_MISRA_CPP R15_01_03_Empty_Throw_Outside_Catch Information 1940
CPP CPP_MISRA_CPP R15_03_02_Catch_All_In_Main Information 1941
CPP CPP_MISRA_CPP R15_03_03_Accessing_Non_Static_Mem_In_Ctr_Dtr Information 1942
CPP CPP_MISRA_CPP R15_03_07_Catch_All_Final Information 1943
CPP CPP_MISRA_CPP R15_05_01_Statements_Outside_TryCatch_Dtr Information 1944
CPP CPP_MISRA_CPP R16_00_02_Define_Only_in_Global_Namespace Information 1945
CPP CPP_MISRA_CPP R16_00_03_Use_Of_Undef_Directive Information 2254
CPP CPP_MISRA_CPP R16_00_04_Function_Like_Macros_Shall_Not_Be_Defined Information 1946
CPP CPP_MISRA_CPP R16_00_05_No_Tokens_In_Func_Like_Macro Information 1947
CPP CPP_MISRA_CPP R16_00_07_Undefined_Macro_Identifiers Information 1915
CPP CPP_MISRA_CPP R16_00_08_Sharp_Before_Preprocessing_Token Information 1948
CPP CPP_MISRA_CPP R16_01_01_Defined_Standart_Forms Information 1949
CPP CPP_MISRA_CPP R16_01_02_Preprocessor_If_And_Else_Operators_Reside_In_Different_Files Information 2255
CPP CPP_MISRA_CPP R16_02_06_Include_Directive_In_Wrong_Format Information 2256
CPP CPP_MISRA_CPP R16_03_02_Pound_Preprocessor_Operator_Is_Used Information 2257
CPP CPP_MISRA_CPP R17_00_01_Standard_Library_Redefined_Or_Undefined Information 1916
CPP CPP_MISRA_CPP R17_00_02_Standard_Library_Macros_Reuse Information 1917
CPP CPP_MISRA_CPP R17_00_03_Standard_Library_Functions_Override Information 1918
CPP CPP_MISRA_CPP R18_00_04_Ctime Information 1950
CPP CPP_MISRA_CPP R18_00_05_Unbounded_Functions_Of_Library_CString Information 1919
CPP CPP_MISRA_CPP R18_04_01_Dynamic_Heap_Memory_Allocation Information 1920
CPP CPP_MISRA_CPP R18_07_01_Csignal Information 1951
CPP CPP_Stored_Vulnerabilities Second_Order_SQL_Injection Medium 335 335 335 335 335 335 335 335 335 335 335 335 335 335 335 335 335
CPP CPP_Stored_Vulnerabilities Stored_Buffer_Overflow_boundcpy Medium
CPP CPP_Stored_Vulnerabilities Stored_Buffer_Overflow_cpycat Medium
CPP CPP_Stored_Vulnerabilities Stored_Buffer_Overflow_fgets Medium
CPP CPP_Stored_Vulnerabilities Stored_Buffer_Overflow_fscanf Medium
CPP CPP_Stored_Vulnerabilities Stored_Command_Injection Medium 340 340 340 340 340 340 340 340 340 340 340 340 340 340 340
CPP CPP_Stored_Vulnerabilities Stored_Connection_String_Injection Medium 341 341 341 341 341 341 341 341 341 341 341 341 341 341
CPP CPP_Stored_Vulnerabilities Stored_DB_Parameter_Tampering Low 342 342 342 342 342 342 342 342 342 342 342 342 342
CPP CPP_Stored_Vulnerabilities Stored_DoS_by_Sleep Low 343 343 343 343 343 343 343 343 343
CPP CPP_Stored_Vulnerabilities Stored_Environment_Injection Low 344 344 344 344 344 344 344 344 344 344 344
CPP CPP_Stored_Vulnerabilities Stored_Format_String_Attack Medium
CPP CPP_Stored_Vulnerabilities Stored_LDAP_Injection Medium 5511 5511 5511 5511 5511 5511 5511 5511 5511 5511 5511 5511 5511 5511 5511
CPP CPP_Stored_Vulnerabilities Stored_Log_Forging Low 347 347 347 347 347 347 347 347 347 347 347
CPP CPP_Stored_Vulnerabilities Stored_Parameter_Tampering Low 348 348 348 348 348 348 348 348 348 348
CPP CPP_Stored_Vulnerabilities Stored_Path_Traversal Medium 345 345 345 345 345 345 345 345 345 345 345 345 345 345
CPP CPP_Stored_Vulnerabilities Stored_Process_Control Medium 349 349 349 349 349 349 349 349 349 349 349 349 349
CPP CPP_Stored_Vulnerabilities Stored_Resource_Injection Medium 350 350 350 350 350 350 350 350 350 350 350 350 350 350
CPP CPP_Weak_Cryptography Asymmetric_Encryption_Improper_Padding Medium 5577 5577 5577 5577 5577 5577 5577 5577
CPP CPP_Weak_Cryptography Asymmetric_Encryption_Insufficient_Key_Size Medium 5573 5573 5573 5573 5573 5573 5573 5573 5573 5573 5573
CPP CPP_Weak_Cryptography Asymmetric_Encryption_RSA_Low_Public_Exponent Medium 5605 5605 5605 5605 5605 5605 5605 5605
CPP CPP_Weak_Cryptography Encoding_Used_Instead_of_Encryption Medium 5531 5531 5531 5531 5531 5531 5531
CPP CPP_Weak_Cryptography Hashing_Length_Extension_Attack Medium 5561 5561 5561 5561 5561 5561 5561
CPP CPP_Weak_Cryptography Personal_Information_Without_Encryption Medium 5532 5532 5532 5532 5532 5532 5532 5532 5532 5532
CPP CPP_Weak_Cryptography Symmetric_Encryption_Insecure_Cipher_Mode Medium 5582 5582 5582 5582 5582 5582 5582
CPP CPP_Weak_Cryptography Symmetric_Encryption_Insecure_Predictable_IV Medium 5541 5541 5541 5541 5541 5541 5541
CPP CPP_Weak_Cryptography Symmetric_Encryption_Insecure_Predictable_Key Medium 5568 5568 5568 5568 5568 5568 5568
CPP CPP_Weak_Cryptography Symmetric_Encryption_Insecure_Static_IV Medium 5565 5565 5565 5565 5565 5565 5565
CPP CPP_Weak_Cryptography Symmetric_Encryption_Insecure_Static_Key Medium 5543 5543 5543 5543 5543 5543 5543
CPP CPP_Weak_Cryptography Use_Of_Weak_Hashing_Primitive Medium 5534 5534 5534 5534 5534 5534 5534
CPP CPP_Weak_Cryptography Weak_Randomness_Biased_Random_Sample Medium 5575 5575 5575 5575 5575 5575 5575 5575
CSharp CSharp_Best_Coding_Practice Aptca_Methods_Call_Non_Aptca_Methods Information 351 351
CSharp CSharp_Best_Coding_Practice Catch_NullPointerException Information 352 352 352 352 352
CSharp CSharp_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 364 364 364 364 364 364
CSharp CSharp_Best_Coding_Practice Deprecated_Methods Information 4695 4695 4695
CSharp CSharp_Best_Coding_Practice Detection_of_Error_Condition_Without_Action Information 355 355 355 355 355 355 355
CSharp CSharp_Best_Coding_Practice Direct_Use_of_Sockets Information 368 368 368
CSharp CSharp_Best_Coding_Practice Dynamic_SQL_Queries Information 354 354 354 354 354 354 354 354 354 354 354
CSharp CSharp_Best_Coding_Practice Exposure_of_Resource_to_Wrong_Sphere Information 374 374 374 374 374 374
CSharp CSharp_Best_Coding_Practice GetLastWin32Error_Is_Not_Called_After_Pinvoke Information 356 356 356
CSharp CSharp_Best_Coding_Practice Hardcoded_Absolute_Path Information 440 440 440 440 440 440 440 440
CSharp CSharp_Best_Coding_Practice Hardcoded_Connection_String Information 357 357 357 357 357 357 357 357 357 357 357 357
CSharp CSharp_Best_Coding_Practice Insufficient_Logging_of_Database_Actions Information 5303 5303 5303 5303 5303
CSharp CSharp_Best_Coding_Practice Insufficient_Logging_of_Exceptions Information 5273 5273 5273 5273 5273
CSharp CSharp_Best_Coding_Practice Insufficient_Logging_of_Sensitive_Operations Information 6508 6508 6508 6508 6508
CSharp CSharp_Best_Coding_Practice Just_One_of_Equals_and_Hash_code_Defined Information 438 438 438 438
CSharp CSharp_Best_Coding_Practice Leftover_Debug_Code Information 359 359 359 359 359
CSharp CSharp_Best_Coding_Practice Magic_Numbers Information 360
CSharp CSharp_Best_Coding_Practice Missing_XML_Validation Information 361 361 361 361
CSharp CSharp_Best_Coding_Practice Non_Private_Static_Constructors Information 362 362
CSharp CSharp_Best_Coding_Practice NULL_Argument_to_Equals Information 363
CSharp CSharp_Best_Coding_Practice Pages_Without_Global_Error_Handler Information 365 365 365 365 365 365 365
CSharp CSharp_Best_Coding_Practice PersistSecurityInfo_is_True Information 366 366
CSharp CSharp_Best_Coding_Practice Routed_Deprecated_Code Information 6503 6503 6503
CSharp CSharp_Best_Coding_Practice Suspicious_Endpoints Information 6498 6498 6498 6498
CSharp CSharp_Best_Coding_Practice Threads_in_WebApp Information 369 369
CSharp CSharp_Best_Coding_Practice Unchecked_Error_Condition Information 353 353 353 353 353 353 353
CSharp CSharp_Best_Coding_Practice Unchecked_Return_Value Information
CSharp CSharp_Best_Coding_Practice Unclosed_Objects Information 370
CSharp CSharp_Best_Coding_Practice Undocumented_API Information 6495 6495 6495
CSharp CSharp_Best_Coding_Practice Unsafe_Bidi_Unicode_Data Information 7148 7148 7148 7148 7148 7148 7148
CSharp CSharp_Best_Coding_Practice Unsafe_Homoglyphs_Unicode_Data Information 7149 7149 7149 7149 7149 7149 7149
CSharp CSharp_Best_Coding_Practice Unvalidated_Arguments_Of_Public_Methods Information 372
CSharp CSharp_Best_Coding_Practice Use_of_System_Output_Stream Information 373 373 373 373 373 373
CSharp CSharp_Best_Coding_Practice Use_Of_Uninitialized_Variables Information 371 371 371 371 371 371
CSharp CSharp_Best_Coding_Practice Using_Of_Index_Instead_Of_Key Information 2771 2771 2771 2771 2771
CSharp CSharp_Best_Coding_Practice Visible_Pointers Information 375 375 375 375 375 375
CSharp CSharp_Heuristic Heuristic_2nd_Order_SQL_Injection Low 417 417 417 417 417 417 417 417 417 417 417 417 417 417
CSharp CSharp_Heuristic Heuristic_CSRF Low 422 422 422 422 422 422 422 422 422 422 422 422 422
CSharp CSharp_Heuristic Heuristic_DB_Parameter_Tampering Low 418 418 418 418 418 418 418 418 418 418 418 418 418 418 418
CSharp CSharp_Heuristic Heuristic_Parameter_Tampering Low 419 419 419 419 419 419 419 419 419 419 419
CSharp CSharp_Heuristic Heuristic_SQL_Injection Low 420 420 420 420 420 420 420 420 420 420 420 420 420 420
CSharp CSharp_Heuristic Heuristic_Stored_XSS Low 421 421 421 421 421 421 421 421 421 421 421 421 421 421
CSharp CSharp_High_Risk Code_Injection High 423 423 423 423 423 423 423 423 423 423 423 423 423 423 423 423 423 423 423
CSharp CSharp_High_Risk Command_Injection High 424 424 424 424 424 424 424 424 424 424 424 424 424 424 424 424 424
CSharp CSharp_High_Risk Connection_String_Injection High 425 425 425 425 425 425 425 425 425 425 425 425 425 425 425 425 425
CSharp CSharp_High_Risk Dangerous_File_Upload High 436 436 436 436 436 436 436 436 436 436 436 436 436 436 436
CSharp CSharp_High_Risk Deserialization_of_Untrusted_Data High 4729 4729 4729 4729 4729 4729 4729 4729 4729 4729 4729 4729 4729 4729
CSharp CSharp_High_Risk Deserialization_of_Untrusted_Data_MSMQ High 5415 5415 5415 5415 5415 5415 5415 5415 5415 5415 5415 5415 5415
CSharp CSharp_High_Risk JWT_No_Signature_Verification High 6422 6422 6422 6422 6422 6422 6422 6422 6422
CSharp CSharp_High_Risk LDAP_Injection High 426 426 426 426 426 426 426 426 426 426 426 426 426 426 426 426 426 426
CSharp CSharp_High_Risk Reflected_XSS_All_Clients High 427 427 427 427 427 427 427 427 427 427 427 427 427 427 427 427 427 427 427
CSharp CSharp_High_Risk Resource_Injection High 428 428 428 428 428 428 428 428 428 428 428 428 428 428 428 428 428
CSharp CSharp_High_Risk Second_Order_SQL_Injection High 429 429 429 429 429 429 429 429 429 429 429 429 429 429 429 429 429 429 429
CSharp CSharp_High_Risk SQL_Injection High 430 430 430 430 430 430 430 430 430 430 430 430 430 430 430 430 430 430 430 430
CSharp CSharp_High_Risk Stored_XSS High 431 431 431 431 431 431 431 431 431 431 431 431 431 431 431 431 431 431
CSharp CSharp_High_Risk Unsafe_Reflection High 6661 6661 6661 6661 6661 6661 6661 6661 6661 6661
CSharp CSharp_High_Risk UTF7_XSS High 432 432 432 432 432 432 432 432 432 432 432 432 432 432 432 432
CSharp CSharp_High_Risk XPath_Injection High 433 433 433 433 433 433 433 433 433 433 433 433 433 433 433 433 433 433
CSharp CSharp_Low_Visibility Blind_SQL_Injections Low 434 434 434 434 434 434 434 434 434 434 434 434 434 434 434
CSharp CSharp_Low_Visibility Cleansing_Canonicalization_and_Comparison_Errors Low 439 439 439 439 439 439
CSharp CSharp_Low_Visibility Client_Side_Only_Validation Low 435 435 435 435 435 435 435 435
CSharp CSharp_Low_Visibility Command_Argument_Injection Low 6530 6530 6530 6530 6530 6530 6530 6530
CSharp CSharp_Low_Visibility Cross_Site_History_Manipulation Low
CSharp CSharp_Low_Visibility Heap_Inspection Low 3772 3772 3772 3772 3772 3772 3772 3772 3772 3772 3772 3772 3772 3772 3772
CSharp CSharp_Low_Visibility Impersonation_Issue Low 442 442 442 442 442 442 442
CSharp CSharp_Low_Visibility Improper_Encoding_Of_Output Low 2694 2694 2694 2694 2694 2694 2694 2694 2694 2694 2694 2694 2694
CSharp CSharp_Low_Visibility Improper_Exception_Handling Low 443 443 443 443 443 443 443 443 443 443 443 443
CSharp CSharp_Low_Visibility Improper_Resource_Shutdown_or_Release Low 437 437 437 437 437 437 437 437
CSharp CSharp_Low_Visibility Improper_Session_Management Low 444 444 444 444 444 444 444 444 444
CSharp CSharp_Low_Visibility Improper_Transaction_Handling Low 445 445 445 445 445
CSharp CSharp_Low_Visibility Inappropriate_Encoding_for_Output_Context Low 2707 2707 2707 2707 2707 2707 2707 2707 2707 2707
CSharp CSharp_Low_Visibility Information_Exposure_Through_an_Error_Message Low 460 460 460 460 460 460 460 460 460 460 460 460 460 460 460 460
CSharp CSharp_Low_Visibility Information_Exposure_via_Headers Low 6570 6570 6570 6570 6570 6570 6570 6570
CSharp CSharp_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 450 450 450 450 450 450 450 450 450 450 450 450 450
CSharp CSharp_Low_Visibility Insufficiently_Protected_Credentials Low 449 449 449 449 449 449 449 449 449 449 449 449 449 449
CSharp CSharp_Low_Visibility JavaScript_Hijacking Low 446 446 446 446 446 446 446 446 446
CSharp CSharp_Low_Visibility JWT_Excessive_Expiration_Time Low 6432 6432 6432 6432 6432 6432 6432
CSharp CSharp_Low_Visibility JWT_Use_Of_Hardcoded_Secret Low 6425 6425 6425 6425 6425 6425 6425 6425
CSharp CSharp_Low_Visibility Leaving_Temporary_Files Low 447 447 447 447 447 447 447
CSharp CSharp_Low_Visibility Log_Forging Low 448 448 448 448 448 448 448 448 448 448 448 448 448 448
CSharp CSharp_Low_Visibility Missing_Content_Security_Policy Low 5608 5608 5608 5608 5608 5608 5608 5608
CSharp CSharp_Low_Visibility Missing_Function_Level_Authorization Low 6456 6456 6456 6456 6456 6456 6456
CSharp CSharp_Low_Visibility Off_By_One_Error Low 2770 2770 2770 2770 2770 2770 2770
CSharp CSharp_Low_Visibility Open_Redirect Low 459 459 459 459 459 459 459 459 459 459 459 459 459 459 459 459
CSharp CSharp_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 5364 5364 5364 5364 5364 5364 5364 5364
CSharp CSharp_Low_Visibility Password_In_Comment Low 6406 6406 6406 6406 6406 6406 6406 6406 6406 6406
CSharp CSharp_Low_Visibility Permissive_Content_Security_Policy Low 5850 5850 5850 5850 5850
CSharp CSharp_Low_Visibility Potential_ReDoS Low 451 451 451 451 451 451 451 451 451 451 451 451
CSharp CSharp_Low_Visibility Potential_ReDoS_By_Injection Low 452 452 452 452 452 452 452 452 452 452 452 452 452 452
CSharp CSharp_Low_Visibility Potential_ReDoS_In_Code Low 453 453 453 453 453 453 453 453 453 453 453 453
CSharp CSharp_Low_Visibility Potential_ReDoS_In_Static_Field Low 454 454 454 454 454 454 454 454 454 454 454 454
CSharp CSharp_Low_Visibility Reliance_on_DNS_Lookups_in_a_Decision Low 2090 2090 2090 2090 2090 2090 2090 2090 2090 2090 2090
CSharp CSharp_Low_Visibility Session_Clearing_Problems Low 455 455 455 455 455 455 455 455 455 455 455 455 455
CSharp CSharp_Low_Visibility Session_Poisoning Low
CSharp CSharp_Low_Visibility Stored_Code_Injection Low 5617 5617 5617 5617 5617 5617 5617 5617 5617 5617 5617 5617 5617 5617
CSharp CSharp_Low_Visibility Stored_Command_Argument_Injection Low 6531 6531 6531 6531 6531 6531 6531 6531
CSharp CSharp_Low_Visibility Thread_Safety_Issue Low 457 457 457 457 457 457 457 457 457
CSharp CSharp_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 481 481 481 481 481 481 481 481 481 481 481 481 481 481 481
CSharp CSharp_Low_Visibility Unencrypted_Web_Config_File Low 5337 5337 5337 5337 5337 5337 5337 5337 5337 5337 5337
CSharp CSharp_Low_Visibility URL_Canonicalization_Issue Low 458 458 458 458 458
CSharp CSharp_Low_Visibility Use_Of_Broken_Or_Risky_Cryptographic_Algorithm Low 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226 2226
CSharp CSharp_Low_Visibility Use_Of_Hardcoded_Password Low 441 441 441 441 441 441 441 441 441 441 441 441 441 441 441 441 441
CSharp CSharp_Low_Visibility Use_of_Insufficiently_Random_Values Low 6306 6306 6306 6306 6306 6306 6306 6306 6306 6306 6306 6306
CSharp CSharp_Low_Visibility Use_of_RSA_Algorithm_without_OAEP Low 2091 2091 2091 2091 2091 2091 2091 2091 2091 2091 2091
CSharp CSharp_Low_Visibility XSS_Evasion_Attack Low 461 461 461 461 461 461 461 461 461 461 461 461 461 461
CSharp CSharp_Medium_Threat Buffer_Overflow Medium 462 462 462 462 462 462 462 462 462 462 462 462 462 462 462
CSharp CSharp_Medium_Threat CGI_XSS Medium 463 463 463 463 463 463 463 463 463 463 463 463 463 463 463 463
CSharp CSharp_Medium_Threat Cookie_Injection Medium 3638 3638 3638 3638 3638 3638 3638 3638 3638 3638 3638 3638 3638 3638 3638
CSharp CSharp_Medium_Threat CSRF Medium 483 483 483 483 483 483 483 483 483 483 483 483 483 483 483 483
CSharp CSharp_Medium_Threat Data_Filter_Injection Medium 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465 465
CSharp CSharp_Medium_Threat DB_Parameter_Tampering Medium 466 466 466 466 466 466 466 466 466 466 466 466 466 466 466 466 466 466 466
CSharp CSharp_Medium_Threat DoS_by_Sleep Medium 467 467 467 467 467 467 467 467 467 467 467 467 467 467 467
CSharp CSharp_Medium_Threat Excessive_Data_Exposure Medium 6428 6428 6428 6428 6428 6428 6428
CSharp CSharp_Medium_Threat Hardcoded_password_in_Connection_String Medium 470 470 470 470 470 470 470 470 470 470 470 470 470
CSharp CSharp_Medium_Threat HTTP_Response_Splitting Medium
CSharp CSharp_Medium_Threat HttpOnlyCookies Medium 2350 2350 2350 2350 2350 2350 2350 2350 2350 2350 2350 2350 2350
CSharp CSharp_Medium_Threat Improper_Locking Medium 473 473 473 473 473 473 473 473 473 473
CSharp CSharp_Medium_Threat Improper_Restriction_of_XXE_Ref Medium 3685 3685 3685 3685 3685 3685 3685 3685 3685 3685 3685 3685 3685 3685 3685
CSharp CSharp_Medium_Threat Insecure_Cookie Medium 3637 3637 3637 3637 3637 3637 3637 3637 3637 3637 3637 3637
CSharp CSharp_Medium_Threat Insufficient_Connection_String_Encryption Medium 5327 5327 5327 5327 5327 5327 5327 5327 5327 5327 5327 5327
CSharp CSharp_Medium_Threat Integer_Overflow Medium
CSharp CSharp_Medium_Threat JWT_Lack_Of_Expiration_Time Medium 6421 6421 6421 6421 6421 6421 6421 6421
CSharp CSharp_Medium_Threat JWT_No_Expiration_Time_Validation Medium 6420 6420 6420 6420 6420 6420 6420 6420
CSharp CSharp_Medium_Threat JWT_Sensitive_Information_Exposure Medium 6424 6424 6424 6424 6424 6424 6424
CSharp CSharp_Medium_Threat Missing_Column_Encryption Medium 5339 5339 5339 5339 5339 5339 5339 5339 5339 5339
CSharp CSharp_Medium_Threat Missing_HSTS_Header Medium 5375 5375 5375 5375 5375 5375 5375 5375 5375 5375 5375 5375
CSharp CSharp_Medium_Threat Missing_Object_Level_Authorization Medium 6455 6455 6455 6455 6455 6455 6455 6455
CSharp CSharp_Medium_Threat MVC_View_Injection Medium 2351 2351 2351 2351 2351 2351 2351 2351 2351 2351 2351 2351 2351 2351 2351
CSharp CSharp_Medium_Threat No_Request_Validation Medium 3483 3483 3483 3483 3483 3483 3483 3483 3483 3483 3483 3483 3483 3483 3483
CSharp CSharp_Medium_Threat Parameter_Tampering Medium 474 474 474 474 474 474 474 474 474 474 474 474 474
CSharp CSharp_Medium_Threat Path_Traversal Medium 468 468 468 468 468 468 468 468 468 468 468 468 468 468 468 468 468
CSharp CSharp_Medium_Threat Persistent_Connection_String Medium 5312 5312 5312 5312 5312 5312 5312
CSharp CSharp_Medium_Threat Privacy_Violation Medium 475 475 475 475 475 475 475 475 475 475 475 475 475 475 475 475 475 475
CSharp CSharp_Medium_Threat Race_Condition_within_a_Thread Medium 2092 2092 2092 2092 2092 2092 2092 2092 2092
CSharp CSharp_Medium_Threat ReDoS_By_Regex_Injection Medium 476 476 476 476 476 476 476 476 476 476 476 476 476 476 476 476 476 476
CSharp CSharp_Medium_Threat ReDoS_In_Code Medium 477 477 477 477 477 477 477 477 477 477 477 477 477 477
CSharp CSharp_Medium_Threat ReDoS_In_Validation Medium 478 478 478 478 478 478 478 478 478 478 478 478 478 478
CSharp CSharp_Medium_Threat Reflected_XSS_Specific_Clients Medium 479 479 479 479 479 479 479 479 479 479 479 479 479 479 479 479
CSharp CSharp_Medium_Threat Session_Fixation Medium 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093 2093
CSharp CSharp_Medium_Threat SQL_Injection_Evasion_Attack Medium 480 480 480 480 480 480 480 480 480 480 480 480 480 480 480 480 480 480 480
CSharp CSharp_Medium_Threat SSL_Verification_Bypass Medium 6824 6824 6824 6824 6824 6824 6824 6824 6824
CSharp CSharp_Medium_Threat SSRF Medium 7752 7752 7752 7752
CSharp CSharp_Medium_Threat Stored_Command_Injection Medium 3491 3491 3491 3491 3491 3491 3491 3491 3491 3491 3491 3491 3491 3491 3491
CSharp CSharp_Medium_Threat Stored_LDAP_Injection Medium 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492 3492
CSharp CSharp_Medium_Threat Stored_Path_Traversal Medium 6671 6671 6671 6671 6671 6671 6671 6671 6671 6671 6671 6671 6671 6671
CSharp CSharp_Medium_Threat Stored_XPath_Injection Medium 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493 3493
CSharp CSharp_Medium_Threat Unclosed_Connection Medium
CSharp CSharp_Medium_Threat Unsafe_Object_Binding Medium 4653 4653 4653 4653 4653 4653 4653 4653 4653 4653 4653
Page 10 of 35
Checkmarx VULNERABILITY QUERIES PER PRESET v9.6.2
CSharp CSharp_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125 2125
CSharp CSharp_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 469 469 469 469 469 469 469 469 469 469 469 469 469 469 469 469 469 469
CSharp CSharp_Medium_Threat Value_Shadowing Medium 3869 3869 3869 3869 3869 3869 3869 3869 3869 3869
CSharp CSharp_WebConfig CookieLess_Authentication Medium 493 493 493 493 493 493 493 493 493 493
CSharp CSharp_WebConfig CookieLess_Session_State Medium 494 494 494 494 494 494 494 494 494 494
CSharp CSharp_WebConfig CustomError Low 495 495 495 495 495 495 495 495 495 495 495
CSharp CSharp_WebConfig DebugEnabled Low 496 496 496 496 496 496 496 496 496 496 496 496 496
CSharp CSharp_WebConfig Directory_Browse Low 2126 2126 2126 2126 2126 2126 2126
CSharp CSharp_WebConfig Elmah_Enabled Medium 5325 5325 5325 5325 5325 5325 5325 5325
CSharp CSharp_WebConfig HardcodedCredentials Medium 497 497 497 497 497 497 497 497 497 497 497
CSharp CSharp_WebConfig HttpOnlyCookies_In_Config Medium 498 498 498 498 498 498 498 498 498 498 498
CSharp CSharp_WebConfig Missing_X_Frame_Options Low 3055 3055 3055 3055 3055 3055 3055 3055 3055
CSharp CSharp_WebConfig NonUniqueFormName Low 499 499 499 499 499 499 499 499
CSharp CSharp_WebConfig Password_in_Configuration_File Low 3018 3018 3018 3018 3018 3018 3018 3018 3018 3018 3018
CSharp CSharp_WebConfig RequireSSL Medium 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500
CSharp CSharp_WebConfig SlidingExpiration Low 501 501 501 501 501 501 501 501 501 501 501 501
CSharp CSharp_WebConfig TraceEnabled Medium 502 502 502 502 502 502 502 502 502 502
CSharp CSharp_Windows_Phone Client_Side_Injection High 2954 2954 2954 2954
CSharp CSharp_Windows_Phone Failure_to_Implement_Least_Privilege Low 2955 2955 2955 2955
CSharp CSharp_Windows_Phone Hard_Coded_Cryptography_Key Medium 2956 2956 2956 2956
CSharp CSharp_Windows_Phone Insecure_Data_Storage High 2957 2957 2957 2957
CSharp CSharp_Windows_Phone Insufficient_Application_Layer_Protect High 2958 2958 2958 2958
CSharp CSharp_Windows_Phone Poor_Authorization_and_Authentication Medium 2959 2959 2959 2959
CSharp CSharp_Windows_Phone Side_Channel_Data_Leakage Low 2961 2961 2961 2961
Dart Dart_Mobile_Best_Coding_Practice Encrypted_Sensitive_Information_in_External_Storage Information 7662 7662 7662 7662 7662
Dart Dart_Mobile_Best_Coding_Practice Unused_Permission Information 7673 7673 7673 7673 7673
Dart Dart_Mobile_Best_Coding_Practice Using_Deprecated_Methods Information 7672 7672 7672 7672 7672 7672
Dart Dart_Mobile_Best_Coding_Practice WebView_Cache_Information_Leak Information 7671 7671 7671
Dart Dart_Mobile_High_Risk Resource_Updated_By_URL_Data High 7341 7341 7341 7341 7341 7341 7341 7341
Dart Dart_Mobile_High_Risk Sensitive_Information_Over_HTTP High 7471 7471 7471 7471 7471 7471 7471 7471 7471 7471 7471 7471
Dart Dart_Mobile_High_Risk Sensitive_Information_Through_URL_Scheme High 7520 7520 7520 7520 7520 7520 7520 7520 7520 7520 7520
Dart Dart_Mobile_High_Risk Unencrypted_Sensitive_Information_in_Publicly_Accessible_Cloud_Storage High 7656 7656 7656 7656 7656 7656 7656 7656 7656 7656
Dart Dart_Mobile_High_Risk Unsafe_Reflection High 7442 7442 7442 7442 7442 7442 7442 7442 7442
Dart Dart_Mobile_Low_Visibility App_Transport_Security_Disabled Low 7540 7540 7540 7540 7540 7540 7540 7540 7540
Dart Dart_Mobile_Low_Visibility Autocorrection_Keystroke_Logging Low 7480 7480 7480 7480 7480 7480 7480 7480 7480 7480
Dart Dart_Mobile_Low_Visibility Encrypted_Sensitive_Information_in_Publicly_Accessible_Cloud_Storage Low 7661 7661 7661 7661 7661 7661 7661 7661 7661
Dart Dart_Mobile_Low_Visibility Hardcoded_Password_In_Gradle Low 7405 7405 7405 7405 7405 7405 7405 7405 7405 7405 7405
Dart Dart_Mobile_Low_Visibility Implicit_Intent_With_Read_Write_Permissions Low 7635 7635 7635 7635 7635 7635 7635 7635
Dart Dart_Mobile_Low_Visibility Improper_Resource_Shutdown_or_Release Low 7476 7476 7476 7476 7476 7476
Dart Dart_Mobile_Low_Visibility Insecure_Android_SDK_Version Low 7393 7393 7393 7393 7393 7393 7393 7393
Dart Dart_Mobile_Low_Visibility Insecure_HTTP_Connections_Enabled Low 7541 7541 7541 7541 7541 7541 7541 7541 7541
Dart Dart_Mobile_Low_Visibility Missing_Certificate_Pinning Low 7665 7665 7665 7665 7665 7665 7665 7665 7665
Dart Dart_Mobile_Low_Visibility Missing_Device_Lock_Verification Low 7506 7506 7506 7506 7506 7506 7506 7506 7506
Dart Dart_Mobile_Low_Visibility Missing_Root_Or_Jailbreak_Check Low 7468 7468 7468 7468 7468 7468 7468 7468 7468 7468 7468
Dart Dart_Mobile_Low_Visibility No_Installer_Verification_Implemented Low 7600 7600 7600 7600 7600 7600 7600 7600 7600
Dart Dart_Mobile_Low_Visibility Parameter_Tampering Low
Dart Dart_Mobile_Low_Visibility Private_Storage_SQL_Injection Low 7364 7364 7364 7364 7364 7364 7364 7364 7364 7364 7364
Dart Dart_Mobile_Low_Visibility Private_Storage_WebView_JavaScript_Injection Low 7416 7416 7416 7416 7416 7416 7416 7416 7416 7416
Dart Dart_Mobile_Low_Visibility Secret_Stored_Outside_of_Keychain Low 7669 7669 7669 7669 7669 7669 7669 7669
Dart Dart_Mobile_Low_Visibility Self_SQL_Injection Low 7313 7313 7313 7313 7313 7313 7313 7313 7313 7313 7313
Dart Dart_Mobile_Low_Visibility Self_WebView_JavaScript_Injection Low 7412 7412 7412 7412 7412 7412 7412 7412 7412 7412
Dart Dart_Mobile_Low_Visibility Unencrypted_Sensitive_Information_in_Internal_Storage Low 7660 7660 7660 7660 7660 7660 7660 7660
Dart Dart_Mobile_Low_Visibility Unencrypted_Sensitive_Information_in_Temporary_File Low 7634 7634 7634 7634 7634 7634 7634
Dart Dart_Mobile_Low_Visibility Use_Of_Implicit_Intent_For_Sensitive_Communication Low 7626 7626 7626 7626 7626 7626 7626
Dart Dart_Mobile_Low_Visibility Use_of_Native_Language Low 7409 7409 7409 7409 7409 7409
Dart Dart_Mobile_Low_Visibility Use_of_Non_Cryptographic_Random Low 7608 7608 7608 7608 7608 7608 7608 7608
Dart Dart_Mobile_Low_Visibility User_Information_in_Publicly_Accessible_Storage Low 7555 7555 7555 7555 7555 7555 7555 7555 7555
Dart Dart_Mobile_Medium_Threat Absolute_Path_Traversal Medium 8133 8133 8133 8133 8133 8133 8133 8133 8133 8133
Dart Dart_Mobile_Medium_Threat Broken_or_Risky_Encryption_Algorithm Medium 7624 7624 7624 7624 7624 7624 7624 7624 7624 7624
Dart Dart_Mobile_Medium_Threat Broken_or_Risky_Hashing_Function Medium 7625 7625 7625 7625 7625 7625 7625 7625
Dart Dart_Mobile_Medium_Threat Communication_Over_HTTP Medium 7472 7472 7472 7472 7472 7472 7472 7472 7472 7472 7472 7472
Dart Dart_Mobile_Medium_Threat Encoding_Used_Instead_of_Encryption Medium 7655 7655 7655 7655 7655 7655 7655 7655 7655 7655
Dart Dart_Mobile_Medium_Threat Improper_Certificate_Validation Medium 7411 7411 7411 7411 7411 7411 7411 7411 7411 7411 7411 7411
Dart Dart_Mobile_Medium_Threat Information_Exposure_Through_Query_String Medium 7470 7470 7470 7470 7470 7470 7470 7470 7470 7470
Dart Dart_Mobile_Medium_Threat Insecure_Asymmetric_Cryptographic_Algorithm_Parameters Medium 7627 7627 7627 7627 7627 7627 7627 7627 7627
Dart Dart_Mobile_Medium_Threat Insecure_WebSocket_Connection Medium 8113 8113 8113 8113 8113
Dart Dart_Mobile_Medium_Threat Insufficiently_Secure_Password_Storage_Algorithm_Parameters Medium 7633 7633 7633 7633 7633 7633 7633 7633 7633 7633 7633
Dart Dart_Mobile_Medium_Threat Pasteboard_Leakage Medium 7421 7421 7421 7421 7421 7421 7421 7421 7421 7421 7421 7421
Dart Dart_Mobile_Medium_Threat Poor_Authorization_and_Authentication Medium 7427 7427 7427 7427 7427 7427 7427 7427 7427 7427 7427
Dart Dart_Mobile_Medium_Threat Public_Storage_SQL_Injection Medium 7372 7372 7372 7372 7372 7372 7372 7372 7372 7372 7372 7372
Dart Dart_Mobile_Medium_Threat Public_Storage_WebView_JavaScript_Injection Medium 7417 7417 7417 7417 7417 7417 7417 7417 7417 7417 7417
Dart Dart_Mobile_Medium_Threat Relative_Path_Traversal Medium 7484 7484 7484 7484 7484 7484 7484 7484 7484 7484
Dart Dart_Mobile_Medium_Threat SQL_Injection_from_URL_Scheme_or_Intent Medium 7365 7365 7365 7365 7365 7365 7365 7365 7365 7365 7365 7365
Dart Dart_Mobile_Medium_Threat Third_Party_Keyboards_On_Sensitive_Field Medium 7630 7630 7630 7630 7630 7630 7630
Dart Dart_Mobile_Medium_Threat Unencrypted_Sensitive_Information_in_External_Storage Medium 7657 7657 7657 7657 7657 7657 7657 7657 7657 7657
Dart Dart_Mobile_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 7610 7610 7610 7610 7610 7610 7610 7610 7610 7610
Dart Dart_Mobile_Medium_Threat Use_of_Hardcoded_Cryptographic_IV Medium 7623 7623 7623 7623 7623 7623 7623 7623 7623 7623
Dart Dart_Mobile_Medium_Threat Use_of_Hardcoded_Cryptographic_Key_in_Client Medium 7628 7628 7628 7628 7628 7628 7628 7628 7628 7628 7628
Dart Dart_Mobile_Medium_Threat Use_of_Hardcoded_Salt Medium 7614 7614 7614 7614 7614 7614 7614 7614 7614 7614
Dart Dart_Mobile_Medium_Threat WebView_JavaScript_Injection_from_URL_Scheme Medium 7343 7343 7343 7343 7343 7343 7343 7343 7343 7343 7343 7343
Go Go_AWS_Lambda AWS_Credentials_Leak High 7495 7495 7495 7495 7495 7495 7495 7495
Go Go_AWS_Lambda DynamoDB_NoSQL_Injection High 7501 7501 7501 7501 7501 7501 7501 7501
Go Go_AWS_Lambda Hardcoded_AWS_Credentials Low 7493 7493 7493 7493 7493 7493 7493
Go Go_AWS_Lambda Permission_Manipulation_In_S3 Medium 7507 7507 7507 7507 7507 7507 7507 7507
Go Go_AWS_Lambda Race_Condition_Global_Scope Low 7502 7502 7502
Go Go_AWS_Lambda Unrestricted_Read_S3 Low 7490 7490 7490 7490 7490 7490 7490
Go Go_AWS_Lambda Unrestricted_Write_S3 Low 7486 7486 7486 7486 7486 7486 7486
Go Go_AWS_Lambda Use_of_Hardcoded_Cryptographic_Key_On_Server Medium 7492 7492 7492 7492 7492 7492 7492 7492
Go Go_AWS_Lambda User_Based_SDK_Configurations Low 7494 7494 7494 7494
Go Go_High_Risk CGI_XSS High 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688 4688
Go Go_High_Risk Command_Injection High 4667 4667 4667 4667 4667 4667 4667 4667 4667 4667 4667 4667 4667 4667
Go Go_High_Risk Connection_String_Injection High 7293 7293 7293 7293 7293 7293 7293 7293
Go Go_High_Risk Deserialization_of_Untrusted_Data High
Go Go_High_Risk JWT_No_Signature_Verification High 6655 6655 6655 6655 6655 6655 6655 6655
Go Go_High_Risk Reflected_XSS_All_Clients High 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707 4707
Go Go_High_Risk Second_Order_SQL_Injection High 6707 6707 6707 6707 6707 6707 6707 6707 6707 6707 6707 6707 6707 6707 6707
Go Go_High_Risk SQL_Injection High 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758 4758
Go Go_High_Risk Stored_Command_Injection High 7303 7303 7303 7303 7303 7303 7303
Go Go_High_Risk Stored_XSS_All_Clients High 4693 4693 4693 4693 4693 4693 4693 4693 4693 4693 4693 4693
Go Go_High_Risk Unsafe_Reflection High 7311 7311 7311 7311 7311 7311
Go Go_Insecure_Credential_Storage Insecure_Credential_Storage_Mechanism Medium 4650 4650 4650 4650 4650 4650 4650 4650 4650 4650 4650 4650 4650 4650
Go Go_Insecure_Credential_Storage Insecure_Scrypt_Parameters Medium 4670 4670 4670 4670 4670 4670 4670 4670 4670 4670 4670 4670 4670 4670
Go Go_Insecure_Credential_Storage Insufficient_Bcrypt_Cost Medium 4666 4666 4666 4666 4666 4666 4666 4666 4666 4666 4666 4666 4666 4666
Go Go_Insecure_Credential_Storage Insufficient_Output_Length Medium 4744 4744 4744 4744 4744 4744 4744 4744 4744 4744 4744 4744 4744 4744
Go Go_Insecure_Credential_Storage PBKDF2_Insufficient_Iteration_Count Medium 4665 4665 4665 4665 4665 4665 4665 4665 4665 4665 4665 4665 4665 4665
Go Go_Insecure_Credential_Storage PBKDF2_Weak_Salt_Value Medium 4671 4671 4671 4671 4671 4671 4671 4671 4671 4671 4671 4671 4671 4671
Go Go_Insecure_Credential_Storage Scrypt_Weak_Salt_Value Medium 4675 4675 4675 4675 4675 4675 4675 4675 4675 4675 4675 4675 4675 4675
Go Go_Low_Visibility Command_Argument_Injection Low 7304 7304 7304 7304 7304 7304 7304 7304
Go Go_Low_Visibility Deprecated_API Low 7367 7367 7367 7367 7367 7367
Go Go_Low_Visibility Empty_Password_In_Connection_String Low 6705 6705 6705 6705 6705 6705 6705 6705 6705 6705 6705 6705
Go Go_Low_Visibility Improper_Error_Handling Low 5975 5975 5975 5975 5975 5975 5975 5975
Go Go_Low_Visibility Incorrect_Reflect_Value_Comparison Low 7366 7366 7366 7366
Go Go_Low_Visibility Log_Forging Low 6657 6657 6657 6657 6657 6657 6657 6657 6657 6657 6657
Go Go_Low_Visibility Missing_Content_Security_Policy Low 4841 4841 4841 4841 4841 4841 4841 4841 4841
Go Go_Low_Visibility Open_Redirect Low 6320 6320 6320 6320 6320 6320 6320 6320 6320 6320 6320 6320
Go Go_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 4685 4685 4685 4685 4685 4685 4685 4685
Go Go_Low_Visibility Permissive_Content_Security_Policy Low 5886 5886 5886 5886 5886
Go Go_Low_Visibility Plain_Text_Transport_Layer_in_Server Low 6702 6702 6702 6702 6702 6702 6702
Go Go_Low_Visibility Race_Condition_In_Cross_Functionality Low 5810 5810 5810 5810 5810 5810
Go Go_Low_Visibility Stored_Command_Argument_Injection Low 7305 7305 7305 7305 7305 7305 7305 7305
Go Go_Low_Visibility Use_Of_Broken_Or_Risky_Cryptographic_Algorithm Low 6617 6617 6617 6617 6617 6617 6617 6617 6617 6617 6617 6617 6617
Go Go_Low_Visibility Use_of_Hardcoded_Password Low 5744 5744 5744 5744 5744 5744 5744 5744 5744 5744 5744 5744 5744 5744 5744
Go Go_Low_Visibility Use_Of_Unsafe_Package Low 6706 6706 6706 6706 6706
Go Go_Medium_Threat Cleartext_Transmission_Of_Sensitive_Information Medium 6704 6704 6704 6704 6704 6704 6704 6704 6704 6704 6704
Go Go_Medium_Threat Denial_Of_Service_Resource_Exhaustion Medium 4679 4679 4679 4679 4679 4679 4679 4679 4679 4679 4679 4679 4679
Go Go_Medium_Threat Divide_By_Zero Medium 7407 7407 7407 7407 7407
Go Go_Medium_Threat Email_Content_Forgery Medium 6688 6688 6688 6688 6688 6688 6688 6688
Go Go_Medium_Threat Hardcoded_Password_in_Connection_String Medium 5753 5753 5753 5753 5753 5753 5753 5753 5753 5753
Go Go_Medium_Threat Insecure_Value_of_the_SameSite_Cookie_Attribute_in_Code Medium 8144 8144 8144 8144
Go Go_Medium_Threat Integer_Overflow Medium 7395 7395 7395 7395 7395 7395 7395 7395
Go Go_Medium_Threat Missing_HSTS_Header Medium 5432 5432 5432 5432 5432 5432 5432 5432 5432 5432
Go Go_Medium_Threat Missing_HttpOnly_Cookie Medium 6326 6326 6326 6326 6326 6326 6326 6326
Go Go_Medium_Threat Missing_Secure_Cookie Medium 6327 6327 6327 6327 6327 6327
Go Go_Medium_Threat Parameter_Tampering Medium 7358 7358 7358 7358 7358 7358 7358 7358
Go Go_Medium_Threat Privacy_Violation Medium 6696 6696 6696 6696 6696 6696 6696 6696 6696 6696 6696 6696 6696 6696 6696
Go Go_Medium_Threat Race_Condition_Concurrent_Instances Medium 6690 6690 6690 6690 6690 6690
Go Go_Medium_Threat Reflected_Absolute_Path_Traversal Medium 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755 4755
Go Go_Medium_Threat Reflected_Relative_Path_Traversal Medium 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355 7355
Go Go_Medium_Threat SSL_Verification_Bypass Medium 6691 6691 6691 6691 6691 6691 6691 6691 6691 6691 6691
Go Go_Medium_Threat SSRF Medium 4737 4737 4737 4737 4737 4737 4737 4737 4737 4737 4737 4737
Go Go_Medium_Threat Stored_Absolute_Path_Traversal Medium 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356 7356
Go Go_Medium_Threat Stored_Relative_Path_Traversal Medium 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357 7357
Go Go_Medium_Threat Trust_Proxy_On Medium 8218 8218 8218 8218
Go Go_Medium_Threat Unsafe_Object_Binding Medium 8225 8225 8225 8225
Go Go_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 6592 6592 6592 6592 6592 6592 6592 6592 6592 6592 6592 6592 6592 6592
Go Go_Medium_Threat Use_of_Weak_RSA_Keys Medium 6595 6595 6595 6595 6595 6595 6595
Groovy Groovy_Best_Coding_Practice Assign_Collection Information 3256 3256 3256 3256 3256 3256 3256
Groovy Groovy_Best_Coding_Practice Assigning_instead_of_Comparing Information 3255 3255
Groovy Groovy_Best_Coding_Practice Comparing_instead_of_Assigning Information 3257 3257 3257
Groovy Groovy_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 3258 3258 3258 3258 3258 3258 3258 3258
Groovy Groovy_Best_Coding_Practice Declaration_of_Throws_for_Generic_Exception Information 3259 3259 3259 3259 3259 3259 3259
Groovy Groovy_Best_Coding_Practice Deprecated_Groovy_Code Information 3260
Groovy Groovy_Best_Coding_Practice Dynamic_SQL_Queries Information 3261 3261 3261 3261 3261 3261 3261 3261 3261 3261 3261 3261
Groovy Groovy_Best_Coding_Practice Empty_Methods Information 3262 3262 3262 3262 3262 3262 3262
Groovy Groovy_Best_Coding_Practice Explicit_Calls_To_Methods Information 3263 3263 3263 3263 3263 3263 3263
Groovy Groovy_Best_Coding_Practice Explicit_Instantiation Information 3264 3264 3264 3264 3264 3264 3264
Groovy Groovy_Best_Coding_Practice Exposure_of_Resource_to_Wrong_Sphere Information 3265 3265 3265 3265 3265 3265 3265 3265
Groovy Groovy_Best_Coding_Practice Getter_Method_Could_Be_Property Information 3266 3266 3266 3266 3266 3266 3266
Groovy Groovy_Best_Coding_Practice GOTO_Statement Information 3267 3267
Groovy Groovy_Best_Coding_Practice Hardcoded_Absolute_Path Information 3308 3308 3308 3308 3308 3308 3308 3308
Groovy Groovy_Best_Coding_Practice Hardcoded_Connection_String Information 3268 3268 3268 3268 3268 3268 3268 3268 3268 3268 3268 3268
Groovy Groovy_Best_Coding_Practice Incorrect_Block_Delimitation Information 3269 3269
Groovy Groovy_Best_Coding_Practice Just_One_of_Equals_and_Hash_code_Defined Information 3325 3325 3325 3325
Groovy Groovy_Best_Coding_Practice Missing_Default_Case_In_Switch_Statement Information 3270 3270
Groovy Groovy_Best_Coding_Practice Omitted_Break_Statement_In_Switch Information 3271 3271
Groovy Groovy_Best_Coding_Practice Potential_Usage_of_Vulnerable_Log4J Information 7051 7051 7051 7051 7051 7051 7051
Groovy Groovy_Best_Coding_Practice Public_Static_Field_Not_Marked_Final Information 3272 3272
Groovy Groovy_Best_Coding_Practice Return_Inside_Finally_Block Information 3273 3273 3273 3273 3273
Groovy Groovy_Best_Coding_Practice Use_Collect_Many Information 3274 3274 3274 3274 3274 3274
Groovy Groovy_Best_Coding_Practice Use_Collect_Nested Information 3275 3275 3275 3275 3275 3275
Groovy Groovy_Best_Coding_Practice Use_of_Wrong_Operator_in_String_Comparison Information 3276 3276
Groovy Groovy_Heuristic Heuristic_2nd_Order_SQL_Injection Low 3277 3277 3277 3277 3277 3277 3277 3277 3277 3277 3277 3277 3277 3277
Groovy Groovy_Heuristic Heuristic_CGI_Stored_XSS Low 3278 3278 3278 3278 3278 3278 3278 3278 3278 3278 3278 3278 3278 3278
Groovy Groovy_Heuristic Heuristic_CSRF Low 3283 3283 3283 3283 3283 3283 3283 3283 3283 3283 3283 3283 3283
Groovy Groovy_Heuristic Heuristic_DB_Parameter_Tampering Low 3279 3279 3279 3279 3279 3279 3279 3279 3279 3279 3279 3279 3279 3279
Groovy Groovy_Heuristic Heuristic_Parameter_Tampering Low 3280 3280 3280 3280 3280 3280 3280 3280 3280 3280 3280
Groovy Groovy_Heuristic Heuristic_SQL_Injection Low 3281 3281 3281 3281 3281 3281 3281 3281 3281 3281 3281 3281 3281 3281
Groovy Groovy_Heuristic Heuristic_Stored_XSS Low 3282 3282 3282 3282 3282 3282 3282 3282 3282 3282 3282 3282 3282 3282
Groovy Groovy_High_Risk Code_Injection High 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284 3284
Groovy Groovy_High_Risk Command_Injection High 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285 3285
Groovy Groovy_High_Risk Connection_String_Injection High 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286 3286
Groovy Groovy_High_Risk LDAP_Injection High 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287 3287
Groovy Groovy_High_Risk Reflected_XSS_All_Clients High 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288 3288
Groovy Groovy_High_Risk Resource_Injection High 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289 3289
Groovy Groovy_High_Risk Second_Order_SQL_Injection High 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290 3290
Groovy Groovy_High_Risk SQL_Injection High 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291 3291
Groovy Groovy_High_Risk Stored_XSS High 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292 3292
Groovy Groovy_High_Risk UTF7_XSS High 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293 3293
Groovy Groovy_High_Risk XPath_Injection High 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294 3294
Groovy Groovy_Low_Visibility Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey Low 3295 3295 3295 3295 3295 3295 3295 3295 3295 3295
Groovy Groovy_Low_Visibility Blind_SQL_Injections Low 3296 3296 3296 3296 3296 3296 3296 3296 3296 3296 3296 3296 3296 3296
Groovy Groovy_Low_Visibility Channel_Accessible_by_NonEndpoint Low 3297 3297 3297 3297 3297 3297 3297
Groovy Groovy_Low_Visibility Cleansing_Canonicalization_and_Comparison_Errors Low 3298 3298 3298 3298 3298
Groovy Groovy_Low_Visibility Collapse_of_Data_into_Unsafe_Value Low 3299 3299 3299 3299
Groovy Groovy_Low_Visibility Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions Low 3300 3300 3300 3300 3300 3300 3300 3300 3300
Groovy Groovy_Low_Visibility Creation_of_Temp_File_With_Insecure_Permissions Low 3301 3301 3301 3301 3301 3301 3301 3301 3301
Groovy Groovy_Low_Visibility Cross_Site_History_Manipulation Low
Groovy Groovy_Low_Visibility Data_Leak_Between_Sessions Low 3302 3302 3302 3302 3302 3302 3302 3302 3302 3302 3302 3302
Groovy Groovy_Low_Visibility DB_Control_of_System_or_Config_Setting Low 3303 3303 3303 3303 3303 3303 3303 3303
Groovy Groovy_Low_Visibility Divide_By_Zero Low 3304 3304 3304 3304 3304
Groovy Groovy_Low_Visibility Empty_Password_In_Connection_String Low 3460 3460 3460 3460 3460 3460 3460 3460 3460 3460 3460 3460 3460
Groovy Groovy_Low_Visibility ESAPI_Same_Password_Repeats_Twice Low 3305 3305 3305 3305 3305 3305 3305 3305 3305 3305 3305 3305 3305
Groovy Groovy_Low_Visibility Escape_False Low 3306 3306 3306 3306 3306 3306 3306 3306 3306 3306 3306
Groovy Groovy_Low_Visibility Exposure_of_System_Data Low 3307 3307 3307 3307 3307 3307 3307 3307 3307 3307 3307
Groovy Groovy_Low_Visibility Heap_Inspection Low 3834 3834 3834 3834 3834 3834 3834 3834 3834 3834 3834 3834 3834
Groovy Groovy_Low_Visibility Improper_Build_Of_Sql_Mapping Low 3309 3309 3309 3309 3309 3309 3309 3309 3309 3309 3309 3309 3309
Groovy Groovy_Low_Visibility Improper_Exception_Handling Low 3310 3310 3310 3310 3310 3310 3310 3310 3310 3310 3310
Groovy Groovy_Low_Visibility Improper_Resource_Locking Low 3311 3311 3311 3311 3311 3311
Groovy Groovy_Low_Visibility Improper_Resource_Shutdown_or_Release Low 3312 3312 3312 3312 3312 3312 3312 3312
Groovy Groovy_Low_Visibility Improper_Session_Management Low 3313 3313 3313 3313 3313 3313 3313 3313 3313
Groovy Groovy_Low_Visibility Improper_Transaction_Handling Low 3314 3314 3314 3314 3314
Groovy Groovy_Low_Visibility Information_Exposure_Through_an_Error_Message Low 3315 3315 3315 3315 3315 3315 3315 3315 3315 3315 3315 3315 3315 3315 3315
Groovy Groovy_Low_Visibility Information_Exposure_Through_Debug_Log Low 3316 3316 3316 3316 3316 3316
Groovy Groovy_Low_Visibility Information_Exposure_Through_Server_Log Low 3317 3317 3317 3317 3317 3317
Groovy Groovy_Low_Visibility Information_Leak_Through_Comments Low 3318 3318 3318 3318 3318 3318 3318 3318 3318 3318 3318
Groovy Groovy_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 3319 3319 3319 3319 3319 3319 3319 3319 3319 3319 3319 3319 3319
Groovy Groovy_Low_Visibility Information_Leak_Through_Shell_Error_Message Low 3320 3320 3320 3320 3320 3320 3320
Groovy Groovy_Low_Visibility Insufficient_Session_Expiration Low 3322 3322 3322 3322 3322 3322 3322 3322 3322 3322 3322 3322 3322
Groovy Groovy_Low_Visibility Insufficiently_Protected_Credentials Low 3321 3321 3321 3321 3321 3321 3321 3321 3321 3321 3321 3321 3321
Groovy Groovy_Low_Visibility Integer_Overflow Low 3323 3323 3323 3323 3323 3323 3323 3323 3323 3323 3323 3323 3323
Groovy Groovy_Low_Visibility Integer_Underflow Low 3324 3324 3324 3324 3324 3324 3324
Groovy Groovy_Low_Visibility Leaving_Temporary_File Low 3326 3326 3326 3326 3326 3326 3326
Groovy Groovy_Low_Visibility Log_Forging Low 3328 3328 3328 3328 3328 3328 3328 3328 3328 3328 3328 3328 3328
Groovy Groovy_Low_Visibility Logic_Time_Bomb Low 3327 3327 3327 3327 3327
Groovy Groovy_Low_Visibility Missing_Password_Field_Masking Low 3329 3329 3329 3329 3329 3329 3329
Groovy Groovy_Low_Visibility Not_Using_a_Random_IV_with_CBC_Mode Low 3330 3330 3330 3330 3330 3330 3330 3330 3330 3330 3330 3330
Groovy Groovy_Low_Visibility Object_Hijack Low 3331 3331 3331 3331
Groovy Groovy_Low_Visibility Off_by_One_Error Low 3332 3332 3332 3332 3332 3332 3332
Groovy Groovy_Low_Visibility Open_Redirect Low 3333 3333 3333 3333 3333 3333 3333 3333 3333 3333 3333 3333 3333 3333
Groovy Groovy_Low_Visibility Parse_Double_DoS Low
Groovy Groovy_Low_Visibility Plaintext_Storage_in_a_Cookie Low 3335 3335 3335 3335 3335 3335 3335
Groovy Groovy_Low_Visibility Potenial_UTF7_XSS Low 3336 3336 3336 3336 3336 3336 3336 3336 3336 3336 3336 3336 3336
Groovy Groovy_Low_Visibility Potential_ReDoS Low 3337 3337 3337 3337 3337 3337 3337 3337 3337 3337 3337 3337
Groovy Groovy_Low_Visibility Potential_ReDoS_By_Injection Low 3338 3338 3338 3338 3338 3338 3338 3338 3338 3338 3338 3338 3338 3338
Groovy Groovy_Low_Visibility Potential_ReDoS_In_Match Low 3339 3339 3339 3339 3339 3339 3339 3339 3339 3339 3339 3339
Groovy Groovy_Low_Visibility Potential_ReDoS_In_Replace Low 3340 3340 3340 3340 3340 3340 3340 3340 3340 3340 3340 3340
Groovy Groovy_Low_Visibility Potential_ReDoS_In_Static_Field Low 3341 3341 3341 3341 3341 3341 3341 3341 3341 3341 3341 3341
Groovy Groovy_Low_Visibility Public_Static_Final_References_Mutable_Object Low 3342 3342 3342 3342 3342 3342 3342
Groovy Groovy_Low_Visibility Race_Condition Low 3343 3343 3343 3343 3343 3343 3343 3343 3343 3343 3343
Groovy Groovy_Low_Visibility Race_Condition_Format_Flaw Low 3344 3344 3344 3344 3344 3344 3344 3344 3344 3344 3344
Groovy Groovy_Low_Visibility Reliance_on_Cookies_in_a_Decision Low 3346 3346 3346 3346 3346 3346 3346 3346 3346
Groovy Groovy_Low_Visibility Reliance_on_DNS_Lookups_in_a_Decision Low 3347 3347 3347 3347 3347 3347 3347 3347 3347 3347 3347
Groovy Groovy_Low_Visibility Reversible_One_Way_Hash Low 3348 3348 3348 3348 3348 3348 3348 3348 3348
Groovy Groovy_Low_Visibility Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute Low 3349 3349 3349 3349 3349 3349 3349 3349 3349 3349
Groovy Groovy_Low_Visibility Serializable_Class_Containing_Sensitive_Data Low 3350 3350 3350 3350 3350 3350 3350 3350
Groovy Groovy_Low_Visibility Spring_defaultHtmlEscape_Not_True Low 3351 3351 3351 3351 3351 3351
Groovy Groovy_Low_Visibility Storing_Passwords_in_a_Recoverable_Format Low
Groovy Groovy_Low_Visibility TOCTOU Low 3356 3356 3356 3356 3356 3356 3356
Groovy Groovy_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 3399 3399 3399 3399 3399 3399 3399 3399 3399 3399 3399 3399 3399 3399
Groovy Groovy_Low_Visibility Uncaught_Exception Low 3357 3357 3357 3357 3357 3357 3357 3357 3357 3357 3357
Groovy Groovy_Low_Visibility Unchecked_Return_Value_to_NULL_Pointer_Dereference Low
Groovy Groovy_Low_Visibility Uncontrolled_Format_String Low 3401 3401 3401 3401 3401 3401 3401 3401 3401 3401 3401 3401 3401 3401
Groovy Groovy_Low_Visibility Uncontrolled_Memory_Allocation Low 3359 3359 3359 3359 3359 3359 3359
Groovy Groovy_Low_Visibility Unsynchronized_Access_To_Shared_Data Low 3360 3360 3360 3360 3360 3360 3360 3360 3360 3360
Groovy Groovy_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 3361 3361 3361 3361 3361 3361 3361 3361 3361 3361 3361 3361 3361 3361
Groovy Groovy_Low_Visibility Use_of_Client_Side_Authentication Low 3362 3362 3362 3362 3362 3362 3362 3362 3362
Groovy Groovy_Low_Visibility Use_Of_getenv Low 3363 3363 3363 3363
Groovy Groovy_Low_Visibility Use_of_Hard_coded_Security_Constants Low 3365 3365 3365 3365 3365 3365
Groovy Groovy_Low_Visibility Use_Of_Hardcoded_Password Low 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364 3364
Groovy Groovy_Low_Visibility Use_of_RSA_Algorithm_without_OAEP Low 3366 3366 3366 3366 3366 3366 3366 3366 3366 3366 3366
Groovy Groovy_Low_Visibility Using_Referer_Field_for_Authentication Low 3367 3367 3367 3367 3367 3367 3367 3367 3367
Groovy Groovy_Medium_Threat Absolute_Path_Traversal Medium 3368 3368 3368 3368 3368 3368 3368 3368 3368 3368 3368 3368 3368 3368
Groovy Groovy_Medium_Threat CGI_Reflected_XSS_All_Clients Medium 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369 3369
Groovy Groovy_Medium_Threat CGI_Stored_XSS Medium 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370 3370
Groovy Groovy_Medium_Threat Cleartext_Submission_of_Sensitive_Information Medium 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371 3371
Groovy Groovy_Medium_Threat CSRF Medium 3411 3411 3411 3411 3411 3411 3411 3411 3411 3411 3411 3411 3411 3411 3411
Groovy Groovy_Medium_Threat Dangerous_File_Inclusion Medium 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373 3373
Groovy Groovy_Medium_Threat DB_Parameter_Tampering Medium 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374 3374
Groovy Groovy_Medium_Threat Direct_Use_of_Unsafe_JNI Medium 3375 3375 3375 3375 3375 3375 3375 3375 3375 3375 3375 3375 3375
Groovy Groovy_Medium_Threat DoS_by_Sleep Medium 3376 3376 3376 3376 3376 3376 3376 3376 3376 3376 3376 3376 3376 3376
Groovy Groovy_Medium_Threat External_Control_of_Critical_State_Data Medium 3377 3377 3377 3377 3377 3377 3377 3377 3377 3377 3377
Groovy Groovy_Medium_Threat External_Control_of_System_or_Config_Setting Medium 3378 3378 3378 3378 3378 3378 3378 3378 3378 3378 3378 3378
Groovy Groovy_Medium_Threat Hardcoded_password_in_Connection_String Medium 3379 3379 3379 3379 3379 3379 3379 3379 3379 3379 3379
Groovy Groovy_Medium_Threat HTTP_Response_Splitting Medium 3382 3382 3382 3382 3382 3382 3382 3382 3382 3382 3382 3382 3382 3382
Groovy Groovy_Medium_Threat HttpOnlyCookies Medium 3380 3380 3380 3380 3380 3380 3380 3380 3380 3380 3380 3380
Groovy Groovy_Medium_Threat HttpOnlyCookies_In_Config Medium 3381 3381 3381 3381 3381 3381 3381 3381 3381 3381 3381
Groovy Groovy_Medium_Threat Improper_Locking Medium 3383 3383 3383 3383 3383 3383 3383 3383 3383 3383
Groovy Groovy_Medium_Threat Input_Path_Not_Canonicalized Medium 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770 4770
Groovy Groovy_Medium_Threat Multiple_Binds_to_the_Same_Port Medium 3384 3384 3384 3384 3384 3384 3384 3384 3384 3384
Groovy Groovy_Medium_Threat Parameter_Tampering Medium 3385 3385 3385 3385 3385 3385 3385 3385 3385 3385 3385 3385 3385 3385
Groovy Groovy_Medium_Threat Plaintext_Storage_of_a_Password Medium 3386 3386 3386 3386 3386 3386 3386 3386 3386 3386 3386 3386 3386 3386 3386
Groovy Groovy_Medium_Threat Privacy_Violation Medium 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387 3387
Groovy Groovy_Medium_Threat Process_Control Medium 3388 3388 3388 3388 3388 3388 3388 3388 3388 3388 3388 3388 3388 3388
Groovy Groovy_Medium_Threat ReDoS_From_Regex_Injection Medium 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389 3389
Groovy Groovy_Medium_Threat ReDoS_In_Match Medium 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390 3390
Groovy Groovy_Medium_Threat ReDoS_In_Pattern Medium 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391 3391
Groovy Groovy_Medium_Threat ReDoS_In_Replace Medium 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392 3392
Groovy Groovy_Medium_Threat Relative_Path_Traversal Medium 3345 3345 3345 3345 3345 3345 3345 3345 3345 3345 3345 3345 3345
Groovy Groovy_Medium_Threat Reliance_on_Cookies_without_Validation Medium 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393 3393
Groovy Groovy_Medium_Threat Same_Seed_in_PRNG Medium 3394 3394 3394 3394 3394 3394 3394 3394 3394 3394 3394 3394 3394 3394
Groovy Groovy_Medium_Threat Session_Fixation Medium 3395 3395 3395 3395 3395 3395 3395 3395 3395 3395 3395 3395 3395 3395 3395
Groovy Groovy_Medium_Threat Spring_ModelView_Injection Medium 3396 3396 3396 3396 3396 3396 3396 3396 3396 3396 3396 3396 3396 3396
Groovy Groovy_Medium_Threat SQL_Injection_Evasion_Attack Medium 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397 3397
Groovy Groovy_Medium_Threat Stored_Absolute_Path_Traversal Medium 3352 3352 3352 3352 3352 3352 3352 3352 3352 3352 3352 3352
Groovy Groovy_Medium_Threat Stored_Command_Injection Medium 3353 3353 3353 3353 3353 3353 3353 3353 3353 3353 3353 3353 3353 3353
Groovy Groovy_Medium_Threat Stored_LDAP_Injection Medium 3398 3398 3398 3398 3398 3398 3398 3398 3398 3398 3398 3398 3398 3398 3398
Groovy Groovy_Medium_Threat Stored_Relative_Path_Traversal Medium 3354 3354 3354 3354 3354 3354 3354 3354 3354 3354 3354 3354
Groovy Groovy_Medium_Threat Unchecked_Input_for_Loop_Condition Medium 3400 3400 3400 3400 3400 3400 3400 3400 3400 3400 3400
Groovy Groovy_Medium_Threat Unnormalize_Input_String Medium
Groovy Groovy_Medium_Threat Unvalidated_Forwards Medium 3403 3403 3403 3403 3403 3403 3403 3403
Groovy Groovy_Medium_Threat Use_of_a_One_Way_Hash_with_a_Predictable_Salt Medium 3405 3405 3405 3405 3405 3405 3405 3405 3405 3405 3405 3405 3405 3405 3405
Groovy Groovy_Medium_Threat Use_of_a_One_Way_Hash_without_a_Salt Medium 3404 3404 3404 3404 3404 3404 3404 3404 3404 3404 3404 3404 3404 3404 3404
Groovy Groovy_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406 3406
Groovy Groovy_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407 3407
Groovy Groovy_Medium_Threat Use_of_Insufficiently_Random_Values Medium 3408 3408 3408 3408 3408 3408 3408 3408 3408 3408 3408 3408 3408 3408
Groovy Groovy_Medium_Threat Use_of_Native_Language Medium 3409 3409 3409 3409 3409 3409 3409 3409 3409 3409 3409 3409 3409
Groovy Groovy_Medium_Threat Use_of_System_exit Medium 3410 3410 3410 3410 3410 3410 3410 3410 3410 3410 3410 3410 3410
Groovy Groovy_Stored Stored_Boundary_Violation Low 3412 3412 3412 3412 3412 3412 3412 3412
Groovy Groovy_Stored Stored_Code_Injection Low 3413 3413 3413 3413 3413 3413 3413 3413 3413 3413 3413 3413 3413 3413 3413
Groovy Groovy_Stored Stored_HTTP_Response_Splitting Low 3414 3414 3414 3414 3414 3414 3414 3414 3414 3414 3414
Groovy Groovy_Stored Stored_Open_Redirect Low 3415 3415 3415 3415 3415 3415 3415 3415 3415 3415 3415
Groovy Groovy_Stored Stored_XPath_Injection Low 3416 3416 3416 3416 3416 3416 3416 3416 3416 3416 3416 3416 3416
Java Java_Android Accessible_Content_Provider Low
Java Java_Android Allowed_Backup Information 4703 4703 4703
Java Java_Android Android_Improper_Resource_Shutdown_or_Release Low 2692 2692 2692
Java Java_Android Client_Side_Injection Medium 1593 1593 1593 1593
Java Java_Android Client_Side_ReDoS Low 1592 1592 1592
Java Java_Android Copy_Paste_Buffer_Caching Low 4734 4734 4734
Java Java_Android Debuggable_App Low 3602 3602 3602
Java Java_Android Exported_Content_Provider_Without_Protective_Permissions Medium 7674 7674 7674 7674 7674 7674
Java Java_Android Exported_Service_Without_Permissions Medium
Java Java_Android Exported_Service_Without_Protective_Permissions Medium 7675 7675 7675 7675 7675 7675
Java Java_Android Exposure_Of_Resource_To_Other_Applications Information 2700 2700 2700
Java Java_Android Failure_To_Implement_Least_Privilege Low 1594 1594 1594 1594
Java Java_Android General_Android_Find_Request_Permissions Information 1595 1595
Java Java_Android Hardcoded_Password_In_Gradle Low 4710 4710 4710 4710
Java Java_Android Implicit_Intent_With_Read_Write_Permissions Low 3604 3604 3604
Java Java_Android Improper_Verification_Of_Intent_By_Broadcast_Receiver Medium 2701 2701 2701 2701
Java Java_Android Information_Leak_Through_Response_Caching Low 5298 5298 5298
Java Java_Android Insecure_Android_SDK_Version Low 4886 4886 4886 4886
Java Java_Android Insecure_Data_Storage Low 1596 1596 1596 1596
Java Java_Android Insecure_Data_Storage_Usage Low 5334 5334 5334
Java Java_Android Insecure_HTTP_Connections_Enabled Low 7536 7536 7536 7536
Java Java_Android Insecure_WebView_Usage High 3605 3605 3605 3605 3605
Java Java_Android Insufficient_Application_Layer_Protect Low 1598 1598 1598 1598
Java Java_Android Insufficient_Sensitive_Application_Layer High 1597 1597 1597 1597 1597
Java Java_Android Keyboard_Cache_Information_Leak Low 4721 4721 4721
Java Java_Android Malicious_Program High
Java Java_Android Missing_Certificate_Pinning Low 4795 4795 4795
Java Java_Android Missing_Device_Lock_Verification Low 4789 4789 4789
Java Java_Android Missing_Rooted_Device_Check Low 5268 5268 5268
Java Java_Android No_Installer_Verification_Implemented Low 4724 4724 4724
Java Java_Android Non_Encrypted_Data_Storage Low 2702 2702 2702 2702
Java Java_Android Passing_Non_Encrypted_Data_Between_Activities Low 2703 2703 2703 2703
Java Java_Android Poor_Authorization_and_Authentication Medium 1600 1600 1600 1600
Java Java_Android ProGuard_Obfuscation_Not_In_Use Low 4711 4711 4711
Java Java_Android Reuse_Of_Cryptographic_Key Low 4842 4842 4842
Java Java_Android Screen_Caching Low 5836 5836 5836
Java Java_Android Side_Channel_Data_Leakage High 1601 1601 1601 1601 1601
Java Java_Android Unsafe_Permission_Check Medium 4725 4725 4725 4725 4725
Java Java_Android Unvalidated_Self_Signed_Certificate Medium 4793 4793 4793 4793
Java Java_Android Use_Of_Implicit_Intent_For_Sensitive_Communication Medium 2704 2704 2704 2704 2704
Java Java_Android Use_of_Native_Language Low 1591 1591 1591
Java Java_Android Use_of_WebView_AddJavascriptInterface High 4124 4124 4124 4124
Java Java_Android Weak_Encryption Medium 3606 3606 3606 3606 3606
Java Java_Android WebView_Cache_Information_Leak Information 4691 4691 4691 4691
Java Java_AWS_Lambda AWS_Credentials_Leak High 7561 7561 7561 7561 7561 7561 7561 7561
Java Java_AWS_Lambda DynamoDB_NoSQL_Injection High 7602 7602 7602 7602 7602 7602 7602 7602
Java Java_AWS_Lambda Hardcoded_AWS_Credentials Low 5619 5619 5619 5619 5619 5619 5619 5619 5619 5619
Java Java_AWS_Lambda Permission_Manipulation_in_S3 Medium 7557 7557 7557 7557 7557 7557 7557 7557
Java Java_AWS_Lambda Race_Condition_Global_Scope Low 7558 7558 7558
Java Java_AWS_Lambda Unrestricted_Delete_S3 Low 7560 7560 7560 7560 7560 7560 7560
Java Java_AWS_Lambda Unrestricted_Read_S3 Low 6002 6002 6002 6002 6002 6002 6002 6002
Java Java_AWS_Lambda Unrestricted_Write_S3 Low 7535 7535 7535 7535 7535 7535 7535
Java Java_AWS_Lambda Use_of_Hardcoded_Cryptographic_Key_On_Server Medium 7549 7549 7549 7549 7549 7549 7549 7549
Java Java_AWS_Lambda User_Based_SDK_Configurations Low 7562 7562 7562 7562
Java Java_Best_Coding_Practice Access_Specifier_Manipulation Information 3080 3080 3080 3080 3080 3080 3080 3080 3080 3080
Java Java_Best_Coding_Practice Array_Declared_Public_Final_and_Static Information 1611 1611 1611
Java Java_Best_Coding_Practice Assigning_instead_of_Comparing Information 1612
Java Java_Best_Coding_Practice Call_to_Thread_run Information 503 503 503 503 503
Java Java_Best_Coding_Practice Catch_NullPointerException Information 504 504 504 504 504 504 504
Java Java_Best_Coding_Practice clone_Method_Without_super_clone Information 1613
Java Java_Best_Coding_Practice Comparing_instead_of_Assigning Information 1614
Java Java_Best_Coding_Practice Comparison_of_Classes_By_Name Information 1615
Java Java_Best_Coding_Practice Confusing_Naming Information 506 506 506
Java Java_Best_Coding_Practice Critical_Public_Variable_Without_Final_Modifier Information 524 524 524 524 524 524
Java Java_Best_Coding_Practice Dead_Code Information 1616
Java Java_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 521 521 521 521 521 521 521 521
Java Java_Best_Coding_Practice Declaration_of_Throws_for_Generic_Exception Information 1617 1617 1617 1617 1617
Java Java_Best_Coding_Practice Detection_of_Error_Condition_Without_Action Information 508 508 508 508 508 508 508 508 508
Java Java_Best_Coding_Practice Direct_Use_of_Sockets Information 527 527 527 527
Java Java_Best_Coding_Practice Direct_Use_of_Threads Information 1622 1622
Java Java_Best_Coding_Practice Dynamic_File_Inclusion Information 2286 2286 2286 2286 2286 2286 2286 2286 2286 2286
Java Java_Best_Coding_Practice Dynamic_Set_Of_Null_SecurityManager Information 6206
Java Java_Best_Coding_Practice Dynamic_SQL_Queries Information 507 507 507 507 507 507 507 507 507 507 507 507 507
Java Java_Best_Coding_Practice Empty_Methods Information 1966 1966 1966 1966 1966
Java Java_Best_Coding_Practice Empty_Synchronized_Block Information 1618
Java Java_Best_Coding_Practice Empty_TryBlocks Information 4443 4443 4443 4443
Java Java_Best_Coding_Practice ESAPI_Banned_API Information 1967 1967 1967 1967 1967
Java Java_Best_Coding_Practice Explicit_Call_to_Finalize Information 510 510 510
Java Java_Best_Coding_Practice Exposure_of_Resource_to_Wrong_Sphere Information 532 532 532 532 532 532 532 532
Java Java_Best_Coding_Practice Expression_is_Always_False Information 1619
Java Java_Best_Coding_Practice Expression_is_Always_True Information 1620
Java Java_Best_Coding_Practice Failure_to_Catch_All_Exceptions_in_Servlet Information 516 516 516 516
Java Java_Best_Coding_Practice finalize_Method_Declared_Public Information 2699 2699 2699
Java Java_Best_Coding_Practice finalize_Method_Without_super_finalize Information 1621
Java Java_Best_Coding_Practice GOTO_Statement Information 511 511 511
Java Java_Best_Coding_Practice Hardcoded_Absolute_Path Information 603 603 603 603 603 603 603
Java Java_Best_Coding_Practice Hardcoded_Connection_String Information 512 512 512 512 512 512 512 512 512 512 512 512 512 512
Java Java_Best_Coding_Practice Improper_Initialization Information 1691 1691 1691
Java Java_Best_Coding_Practice Incorrect_Block_Delimitation Information 526 526 526
Java Java_Best_Coding_Practice Incorrect_Conversion_between_Numeric_Types Information 1692
Java Java_Best_Coding_Practice Input_Not_Normalized Information
Java Java_Best_Coding_Practice Insufficient_Logging_of_Database_Actions Information 5304 5304 5304 5304 5304
Java Java_Best_Coding_Practice Insufficient_Logging_of_Exceptions Information 5274 5274 5274 5274 5274
Java Java_Best_Coding_Practice Just_One_of_Equals_and_Hash_code_Defined Information 601 601 601
Java Java_Best_Coding_Practice Leftover_Debug_Code Information 514 514 514 514 514 514
Java Java_Best_Coding_Practice Missing_Default_Case_In_Switch_Statement Information 518 518 518
Java Java_Best_Coding_Practice Missing_XML_Validation Information 517 517 517 517 517 517
Java Java_Best_Coding_Practice Non_serializable_Object_Stored_in_Session Information 1623 1623
Java Java_Best_Coding_Practice Not_Static_Final_Logger Information 519 519 519 519 519 519 519
Java Java_Best_Coding_Practice Null_Pointer_Dereference Information
Java Java_Best_Coding_Practice Omitted_Break_Statement_In_Switch Information 520 520 520
Java Java_Best_Coding_Practice Pages_Without_Global_Error_Handler Information 523 523 523 523 523 523 523 523 523
Java Java_Best_Coding_Practice Portability_Flaw_In_File_Separator Information 3591 3591 3591 3591
Java Java_Best_Coding_Practice Potential_SpringShell Information 7257 7257 7257
Java Java_Best_Coding_Practice Potential_Usage_of_Vulnerable_Log4J Information 7052 7052 7052 7052 7052 7052 7052
Java Java_Best_Coding_Practice Potentially_Serializable_Class_With_Sensitive_Data Information 1693 1693 1693 1693 1693 1693 1693
Java Java_Best_Coding_Practice Public_Static_Field_Not_Marked_Final Information 1625
Java Java_Best_Coding_Practice Reachable_Assertion Information
Java Java_Best_Coding_Practice Redirect_Without_Exit Information 1626
Java Java_Best_Coding_Practice Reliance_On_Untrusted_Inputs_In_Security_Decision Information 3876 3876 3876 3876 3876
Java Java_Best_Coding_Practice Return_Inside_Finally_Block Information 1627 1627 1627 1627
Java Java_Best_Coding_Practice Suspicious_Endpoints Information 6369 6369 6369
Java Java_Best_Coding_Practice Unchecked_Error_Condition Information 505 505 505 505 505 505 505 505 505
Java Java_Best_Coding_Practice Unchecked_Return_Value Information
Java Java_Best_Coding_Practice Unclosed_Objects Information 529 529 529
Java Java_Best_Coding_Practice Uncontrolled_Recursion Information 1694 1694 1694
Java Java_Best_Coding_Practice Undocumented_API Information 6328 6328 6328
Java Java_Best_Coding_Practice Unsafe_BiDi_Unicode_Data Information 7026 7026 7026 7026 7026
Java Java_Best_Coding_Practice Unsafe_Homoglyphs_Unicode_Data Information 7027 7027 7027 7027 7027
Java Java_Best_Coding_Practice Unused_Variable Information 1628
Java Java_Best_Coding_Practice Use_of_Inner_Class_Containing_Sensitive_Data Information 2346 2346 2346 2346 2346 2346 2346
Java Java_Best_Coding_Practice Use_of_Obsolete_Functions Information 1629 1629 1629 1629 1629
Java Java_Best_Coding_Practice Use_of_System_exit Information 636 636 636 636 636 636 636 636 636 636 636 636
Java Java_Best_Coding_Practice Use_of_System_Output_Stream Information 531 531 531 531 531 531 531 531
Java Java_Best_Coding_Practice Use_Of_Uninitialized_Variables Information
Java Java_Best_Coding_Practice Use_of_Wrong_Operator_in_String_Comparison Information 509 509 509
Java Java_GWT GWT_DOM_XSS Medium 577 577 577 577 577 577 577 577 577 577 577 577 577 577 577 577 577 577
Java Java_GWT GWT_Reflected_XSS High 578 578 578 578 578 578 578 578 578 578 578 578 578 578 578 578 578 578
Java Java_GWT JSON_Hijacking Low 2789 2789 2789 2789 2789 2789 2789 2789 2789 2789 2789
Java Java_Heuristic Heuristic_2nd_Order_SQL_Injection Low
Java Java_Heuristic Heuristic_CGI_Stored_XSS Low
Java Java_Heuristic Heuristic_CSRF Low
Java Java_Heuristic Heuristic_DB_Parameter_Tampering Low
Java Java_Heuristic Heuristic_Parameter_Tampering Low
Java Java_Heuristic Heuristic_SQL_Injection Low
Java Java_Heuristic Heuristic_Stored_XSS Low
Java Java_High_Risk Code_Injection High 587 587 587 587 587 587 587 587 587 587 587 587 587 587 587 587 587 587
Java Java_High_Risk Command_Injection High 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588 588
Java Java_High_Risk Connection_String_Injection High 589 589 589 589 589 589 589 589 589 589 589 589 589 589 589 589 589
Java Java_High_Risk Deserialization_of_Untrusted_Data High 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690 4690
Java Java_High_Risk Deserialization_of_Untrusted_Data_in_JMS High 5305 5305 5305 5305 5305 5305 5305 5305 5305 5305 5305 5305 5305
Java Java_High_Risk Expression_Language_Injection_EL High 7253 7253 7253 7253 7253 7253
Java Java_High_Risk Expression_Language_Injection_MVEL High 6643 6643 6643 6643 6643
Java Java_High_Risk Expression_Language_Injection_OGNL High 4897 4897 4897 4897 4897 4897 4897 4897 4897 4897 4897
Java Java_High_Risk Expression_Language_Injection_SPEL High 5689 5689 5689 5689 5689 5689 5689 5689
Java Java_High_Risk JSF_Local_File_Inclusion High 6840 6840 6840 6840 6840 6840 6840
Java Java_High_Risk LDAP_Injection High 590 590 590 590 590 590 590 590 590 590 590 590 590 590 590 590 590 590
Java Java_High_Risk Mongo_NoSQL_Injection High 7235 7235 7235 7235 7235 7235 7235
Java Java_High_Risk Reflected_XSS_All_Clients High 591 591 591 591 591 591 591 591 591 591 591 591 591 591 591 591 591 591 591
Java Java_High_Risk Resource_Injection High 592 592 592 592 592 592 592 592 592 592 592 592 592 592 592 592 592
Java Java_High_Risk Second_Order_SQL_Injection High 593 593 593 593 593 593 593 593 593 593 593 593 593 593 593 593 593 593 593
Java Java_High_Risk SQL_Injection High 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594 594
Java Java_High_Risk Stored_XSS High 595 595 595 595 595 595 595 595 595 595 595 595 595 595 595 595 595 595
Java Java_High_Risk Unsafe_JNDI_Lookup High 7119 7119 7119 7119 7119 7119 7119 7119 7119
Java Java_High_Risk Unsafe_Reflection High 6733 6733 6733 6733 6733 6733 6733 6733 6733 6733
Java Java_High_Risk XPath_Injection High 597 597 597 597 597 597 597 597 597 597 597 597 597 597 597 597 597 597
Java Java_Low_Visibility Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey Low 1638 1638 1638 1638 1638 1638 1638 1638 1638 1638
Java Java_Low_Visibility Blind_SQL_Injections Low 598 598 598 598 598 598 598 598 598 598 598 598 598 598
Java Java_Low_Visibility Channel_Accessible_by_NonEndpoint Low 1639 1639 1639 1639 1639 1639
Java Java_Low_Visibility Citrus_Developer_Mode_Enabled Low 6019 6019 6019
Java Java_Low_Visibility Cleansing_Canonicalization_and_Comparison_Errors Low 602 602 602 602 602 602
Java Java_Low_Visibility Collapse_of_Data_into_Unsafe_Value Low 1640 1640 1640 1640
Java Java_Low_Visibility Command_Argument_Injection Low 6255 6255 6255 6255 6255 6255 6255 6255
Java Java_Low_Visibility Cookie_Overly_Broad_Path Low 3089 3089 3089 3089 3089 3089 3089 3089 3089 3089 3089
Java Java_Low_Visibility Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions Low 1661 1661 1661 1661 1661 1661 1661 1661 1661
Java Java_Low_Visibility Creation_of_Temp_File_With_Insecure_Permissions Low 1662 1662 1662 1662 1662 1662 1662 1662 1662
Java Java_Low_Visibility Cross_Site_History_Manipulation Low
Java Java_Low_Visibility Data_Leak_Between_Sessions Low
Java Java_Low_Visibility DB_Control_of_System_or_Config_Setting Low 2724 2724 2724 2724 2724 2724 2724 2724
Java Java_Low_Visibility Divide_By_Zero Low 1641 1641 1641 1641 1641 1641 1641
Java Java_Low_Visibility Empty_Password_In_Connection_String Low 3461 3461 3461 3461 3461 3461 3461 3461 3461 3461 3461 3461 3461
Java Java_Low_Visibility ESAPI_Same_Password_Repeats_Twice Low 1972 1972 1972 1972 1972 1972 1972 1972 1972 1972 1972 1972 1972
Java Java_Low_Visibility Escape_False Low 1068 1068 1068 1068 1068 1068 1068 1068 1068 1068 1068
Java Java_Low_Visibility Exposure_of_System_Data Low 1642 1642 1642 1642 1642 1642 1642 1642 1642 1642
Java Java_Low_Visibility File_Permissions_World_Readable Low 4890 4890 4890 4890 4890 4890 4890
Java Java_Low_Visibility Heap_Inspection Low 3771 3771 3771 3771 3771 3771 3771 3771 3771 3771 3771 3771 3771 3771 3771
Java Java_Low_Visibility Improper_Build_Of_Sql_Mapping Low 2133 2133 2133 2133 2133 2133 2133 2133 2133 2133 2133 2133 2133 2133
Java Java_Low_Visibility Improper_Exception_Handling Low 605 605 605 605 605 605 605 605 605 605 605
Java Java_Low_Visibility Improper_Resource_Access_Authorization Low 3890 3890 3890 3890 3890 3890 3890 3890 3890 3890 3890 3890 3890 3890 3890
Java Java_Low_Visibility Improper_Resource_Locking Low 1643 1643 1643 1643 1643 1643
Java Java_Low_Visibility Improper_Resource_Shutdown_or_Release Low 600 600 600 600 600 600 600
Java Java_Low_Visibility Improper_Session_Management Low
Java Java_Low_Visibility Improper_Transaction_Handling Low 607 607 607 607 607
Java Java_Low_Visibility Incorrect_Permission_Assignment_For_Critical_Resources Low 3884 3884 3884 3884 3884 3884 3884 3884 3884 3884 3884 3884 3884
Java Java_Low_Visibility Information_Exposure_Through_an_Error_Message Low 622 622 622 622 622 622 622 622 622 622 622 622 622 622 622 622
Java Java_Low_Visibility Information_Exposure_Through_Debug_Log Low 1645 1645 1645 1645 1645
Java Java_Low_Visibility Information_Exposure_Through_Query_String Low 6372 6372 6372 6372 6372 6372 6372 6372
Java Java_Low_Visibility Information_Exposure_Through_Server_Log Low 1646 1646 1646 1646 1646 1646
Java Java_Low_Visibility Information_Leak_Through_Comments Low 1644 1644 1644 1644 1644 1644 1644 1644 1644 1644
Java Java_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 611 611 611 611 611 611 611 611 611 611 611 611 611
Java Java_Low_Visibility Information_Leak_Through_Shell_Error_Message Low 1647 1647 1647 1647 1647 1647 1647
Java Java_Low_Visibility Insufficient_Session_Expiration Low 1648 1648 1648 1648 1648 1648 1648 1648 1648 1648 1648 1648 1648
Java Java_Low_Visibility Insufficiently_Protected_Credentials Low 610 610 610 610 610 610 610 610 610 610 610 610 610
Java Java_Low_Visibility Integer_Overflow Low 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649 1649
Java Java_Low_Visibility Integer_Underflow Low 1650 1650 1650 1650 1650 1650 1650 1650 1650 1650
Java Java_Low_Visibility JWT_Excessive_Expiration_Time Low 6368 6368 6368 6368 6368 6368 6368
Java Java_Low_Visibility JWT_Use_Of_None_Algorithm Low 6291 6291 6291 6291 6291 6291 6291 6291
Java Java_Low_Visibility Leaving_Temporary_File Low 608 608 608 608 608 608 608
Java Java_Low_Visibility Log_Forging Low 609 609 609 609 609 609 609 609 609 609 609 609 609 609 609 609 609 609
Java Java_Low_Visibility Logic_Time_Bomb Low 1651 1651 1651 1651 1651
Java Java_Low_Visibility Missing_Content_Security_Policy Low 4839 4839 4839 4839 4839 4839 4839 4839
Java Java_Low_Visibility Missing_Password_Field_Masking Low 1652 1652 1652 1652 1652 1652 1652
Java Java_Low_Visibility Missing_X_Frame_Options Low 3053 3053 3053 3053 3053 3053 3053 3053 3053
Java Java_Low_Visibility Not_Using_a_Random_IV_with_CBC_Mode Low 1581 1581 1581 1581 1581 1581 1581 1581 1581 1581 1581 1581
Java Java_Low_Visibility Object_Hijack Low 1653 1653 1653 1653
Java Java_Low_Visibility Off_by_One_Error Low 1654 1654 1654 1654 1654 1654
Java Java_Low_Visibility Open_Redirect Low 620 620 620 620 620 620 620 620 620 620 620 620 620 620 620 620
Java Java_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 5368 5368 5368 5368 5368 5368 5368
Java Java_Low_Visibility Parse_Double_DoS Low
Java Java_Low_Visibility Password_In_Comment Low 4448 4448 4448 4448 4448 4448 4448 4448 4448 4448 4448 4448 4448
Java Java_Low_Visibility Permissive_Content_Security_Policy Low 5845 5845 5845 5845 5845
Java Java_Low_Visibility Plaintext_Storage_in_a_Cookie Low 1655 1655 1655 1655 1655 1655
Java Java_Low_Visibility Portability_Flaw_Locale_Dependent_Comparison Low 4446 4446 4446 4446 4446
Java Java_Low_Visibility Potential_ReDoS Low 612 612 612 612 612 612 612 612 612 612 612
Java Java_Low_Visibility Potential_ReDoS_By_Injection Low 613 613 613 613 613 613 613 613 613 613 613 613 613 613
Java Java_Low_Visibility Potential_ReDoS_In_Match Low 614 614 614 614 614 614 614 614 614 614 614 614
Java Java_Low_Visibility Potential_ReDoS_In_Replace Low 615 615 615 615 615 615 615 615 615 615 615 615
Java Java_Low_Visibility Potential_ReDoS_In_Static_Field Low 616 616 616 616 616 616 616 616 616 616 616 616
Java Java_Low_Visibility Private_Array_Returned_From_A_Public_Method Low 3877 3877 3877 3877 3877 3877 3877 3877 3877
Java Java_Low_Visibility Public_Data_Assigned_to_Private_Array Low 3875 3875 3875 3875 3875 3875 3875 3875
Java Java_Low_Visibility Public_Static_Final_References_Mutable_Object Low 1656 1656 1656 1656 1656 1656 1656
Java Java_Low_Visibility Race_Condition Low 2732 2732 2732 2732 2732 2732 2732 2732 2732 2732 2732
Java Java_Low_Visibility Race_Condition_Format_Flaw Low 2756 2756 2756 2756 2756 2756 2756 2756 2756 2756 2756
Java Java_Low_Visibility Reflected_Environment_Injection Low 7162 7162 7162 7162 7162
Java Java_Low_Visibility Reliance_on_Cookies_in_a_Decision Low 2096 2096 2096 2096 2096 2096 2096 2096 2096
Java Java_Low_Visibility Reliance_on_DNS_Lookups_in_a_Decision Low 2097 2097 2097 2097 2097 2097 2097 2097 2097 2097 2097
Java Java_Low_Visibility Reversible_One_Way_Hash Low 1659 1659 1659 1659 1659 1659 1659 1659 1659 1659
Java Java_Low_Visibility Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute Low 599 599 599 599 599 599 599 599 599 599
Java Java_Low_Visibility Serializable_Class_Containing_Sensitive_Data Low 1660 1660 1660 1660 1660 1660 1660 1660
Java Java_Low_Visibility Stored_Command_Argument_Injection Low 6253 6253 6253 6253 6253 6253 6253 6253
Java Java_Low_Visibility Stored_Environment_Injection Low 7168 7168 7168 7168
Java Java_Low_Visibility Stored_Log_Forging Low 4445 4445 4445 4445 4445 4445 4445 4445 4445 4445 4445
Java Java_Low_Visibility Storing_Passwords_in_a_Recoverable_Format Low
Java Java_Low_Visibility Suspected_XSS Low 4034 4034 4034 4034 4034 4034 4034 4034 4034 4034 4034 4034 4034
Java Java_Low_Visibility TOCTOU Low 1584 1584 1584 1584 1584 1584 1584
Java Java_Low_Visibility TruffleHog_HighEntropy_Strings Low 6589 6589 6589 6589 6589 6589 6589
Java Java_Low_Visibility TruffleHog_Regex_Matches Low 6588 6588 6588 6588 6588 6588 6588
Java Java_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 646 646 646 646 646 646 646 646 646 646 646 646 646 646 646
Java Java_Low_Visibility Uncaught_Exception Low 1663 1663 1663 1663 1663 1663 1663 1663 1663 1663
Java Java_Low_Visibility Unchecked_Return_Value_to_NULL_Pointer_Dereference Low
Java Java_Low_Visibility Uncontrolled_Format_String Low 1679 1679 1679 1679 1679 1679 1679 1679 1679 1679 1679 1679 1679 1679
Java Java_Low_Visibility Uncontrolled_Memory_Allocation Low 1665 1665 1665 1665 1665 1665
Java Java_Low_Visibility Unrestricted_File_Upload Low 3894 3894 3894 3894 3894 3894 3894 3894 3894 3894 3894 3894 3894
Java Java_Low_Visibility Unsynchronized_Access_To_Shared_Data Low 1666 1666 1666 1666 1666 1666 1666 1666 1666 1666
Java Java_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 623 623 623 623 623 623 623 623 623 623 623 623 623 623 623 623 623 623 623
Java Java_Low_Visibility Use_of_Client_Side_Authentication Low 1667 1667 1667 1667 1667 1667 1667 1667 1667
Java Java_Low_Visibility Use_Of_getenv Low
Java Java_Low_Visibility Use_of_Hard_coded_Security_Constants Low 1668 1668 1668 1668 1668 1668
Java Java_Low_Visibility Use_Of_Hardcoded_Password Low 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604 604
Java Java_Low_Visibility Use_Of_Hardcoded_Password_In_Config Low 5876 5876 5876 5876 5876 5876
Java Java_Low_Visibility Use_of_Non_Cryptographic_Random Low 6194 6194 6194 6194 6194 6194
Java Java_Low_Visibility Use_of_RSA_Algorithm_without_OAEP Low 2098 2098 2098 2098 2098 2098 2098 2098 2098 2098 2098
Java Java_Low_Visibility Using_Referer_Field_for_Authentication Low 1669 1669 1669 1669 1669 1669 1669 1669 1669
Java Java_Low_Visibility UTF7_XSS Low 621 621 621 621 621 621 621 621 621 621 621 621 621 621 621
Java Java_Medium_Threat Absolute_Path_Traversal Medium 1670 1670 1670 1670 1670 1670 1670 1670 1670 1670 1670 1670 1670 1670 1670
Java Java_Medium_Threat CGI_Reflected_XSS_All_Clients Medium 625 625 625 625 625 625 625 625 625 625 625 625 625 625 625
Java Java_Medium_Threat CGI_Stored_XSS Medium 626 626 626 626 626 626 626 626 626 626 626 626 626 626 626
Java Java_Medium_Threat Cleartext_Submission_of_Sensitive_Information Medium 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671 1671
Java Java_Medium_Threat Client_State_Saving_Method_JSF Medium 3717 3717 3717 3717 3717 3717 3717 3717 3717 3717
Java Java_Medium_Threat CSRF Medium 648 648 648 648 648 648 648 648 648 648 648 648 648 648 648 648
Java Java_Medium_Threat Dangerous_File_Inclusion Medium 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277 2277
Java Java_Medium_Threat DB_Parameter_Tampering Medium 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628 628
Java Java_Medium_Threat Direct_Use_of_Unsafe_JNI Medium 1698 1698 1698 1698 1698 1698 1698 1698 1698 1698 1698 1698 1698
Java Java_Medium_Threat DoS_by_Sleep Medium 629 629 629 629 629 629 629 629 629 629 629 629 629 629 629
Java Java_Medium_Threat Download_of_Code_Without_Integrity_Check Medium 3896 3896 3896 3896 3896 3896 3896 3896 3896 3896 3896 3896 3896
Java Java_Medium_Threat Excessive_Data_Exposure Medium 6382 6382 6382 6382 6382 6382
Java Java_Medium_Threat External_Control_of_Critical_State_Data Medium 1672 1672 1672 1672 1672 1672 1672 1672 1672 1672 1672
Java Java_Medium_Threat External_Control_of_System_or_Config_Setting Medium 630 630 630 630 630 630 630 630 630 630 630 630
Java Java_Medium_Threat Frameable_Login_Page Medium 4593 4593 4593 4593 4593 4593 4593 4593 4593 4593
Java Java_Medium_Threat Hardcoded_password_in_Connection_String Medium 633 633 633 633 633 633 633 633 633 633 633 633
Java Java_Medium_Threat HTTP_Response_Splitting Medium
Java Java_Medium_Threat HttpOnlyCookies Medium 2343 2343 2343 2343 2343 2343 2343 2343 2343 2343 2343 2343 2343
Java Java_Medium_Threat HttpOnlyCookies_In_Config Medium 2344 2344 2344 2344 2344 2344 2344 2344 2344 2344 2344
Java Java_Medium_Threat Improper_Locking Medium 637 637 637 637 637 637 637 637 637 637
Java Java_Medium_Threat Improper_Restriction_of_Stored_XXE_Ref Medium 4447 4447 4447 4447 4447 4447 4447 4447 4447 4447 4447 4447 4447 4447 4447
Java Java_Medium_Threat Improper_Restriction_of_XXE_Ref Medium 3522 3522 3522 3522 3522 3522 3522 3522 3522 3522 3522 3522 3522 3522 3522
Java Java_Medium_Threat Inadequate_Encryption_Strength Medium
Java Java_Medium_Threat Input_Path_Not_Canonicalized Medium 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618 3618
Java Java_Medium_Threat JSF_CSRF Medium 6842 6842 6842 6842 6842 6842 6842 6842 6842
Java Java_Medium_Threat JSF_Managed_Bean_PII_Leak Medium 6841 6841 6841 6841 6841 6841 6841 6841 6841
Java Java_Medium_Threat JWT_Lack_Of_Expiration_Time Medium 6292 6292 6292 6292 6292 6292 6292 6292
Java Java_Medium_Threat JWT_No_Signature_Verification Medium 6295 6295 6295 6295 6295 6295 6295 6295 6295
Java Java_Medium_Threat JWT_Sensitive_Information_Exposure Medium 6366 6366 6366 6366 6366 6366 6366 6366
Java Java_Medium_Threat JWT_Use_Of_Hardcoded_Secret Medium 6374 6374 6374 6374 6374 6374 6374 6374 6374
Java Java_Medium_Threat Misconfigured_Deserialization_Filter Medium
Java Java_Medium_Threat Missing_HSTS_Header Medium 5370 5370 5370 5370 5370 5370 5370 5370 5370 5370 5370
Java Java_Medium_Threat Multiple_Binds_to_the_Same_Port Medium 1673 1673 1673 1673 1673 1673 1673 1673 1673 1673
Java Java_Medium_Threat Parameter_Tampering Medium 638 638 638 638 638 638 638 638 638 638 638 638 638 638 638
Java Java_Medium_Threat Plaintext_Storage_of_a_Password Medium 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674 1674
Java Java_Medium_Threat Privacy_Violation Medium 639 639 639 639 639 639 639 639 639 639 639 639 639 639 639 639 639 639
Java Java_Medium_Threat Process_Control Medium 1675 1675 1675 1675 1675 1675 1675 1675 1675 1675 1675 1675 1675 1675
Java Java_Medium_Threat ReDoS_From_Regex_Injection Medium 640 640 640 640 640 640 640 640 640 640 640 640 640 640 640 640
Java Java_Medium_Threat ReDoS_In_Match Medium 641 641 641 641 641 641 641 641 641 641 641 641 641 641 641 641
Java Java_Medium_Threat ReDoS_In_Pattern Medium 642 642 642 642 642 642 642 642 642 642 642 642 642 642 642 642
Java Java_Medium_Threat ReDoS_In_Replace Medium 643 643 643 643 643 643 643 643 643 643 643 643 643 643 643 643
Java Java_Medium_Threat Relative_Path_Traversal Medium 1658 1658 1658 1658 1658 1658 1658 1658 1658 1658 1658 1658 1658
Java Java_Medium_Threat Reliance_on_Cookies_without_Validation Medium 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676 1676
Java Java_Medium_Threat Same_Seed_in_PRNG Medium 1677 1677 1677 1677 1677 1677 1677 1677 1677 1677 1677 1677 1677 1677
Java Java_Medium_Threat Session_Fixation Medium 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099 2099
Java Java_Medium_Threat SQL_Injection_Evasion_Attack Medium 645 645 645 645 645 645 645 645 645 645 645 645 645 645 645 645 645 645 645
Java Java_Medium_Threat SSL_Verification_Bypass Medium 6825 6825 6825 6825 6825 6825 6825 6825 6825
Java Java_Medium_Threat SSRF Medium 4422 4422 4422 4422 4422 4422 4422 4422 4422 4422 4422 4422 4422 4422
Java Java_Medium_Threat Stored_Absolute_Path_Traversal Medium 1695 1695 1695 1695 1695 1695 1695 1695 1695 1695 1695 1695
Java Java_Medium_Threat Stored_Command_Injection Medium 1582 1582 1582 1582 1582 1582 1582 1582 1582 1582 1582 1582 1582 1582 1582
Java Java_Medium_Threat Stored_LDAP_Injection Medium 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678 1678
Java Java_Medium_Threat Stored_Relative_Path_Traversal Medium 1583 1583 1583 1583 1583 1583 1583 1583 1583 1583 1583
Java Java_Medium_Threat Unchecked_Input_for_Loop_Condition Medium 1699 1699 1699 1699 1699 1699 1699 1699 1699 1699 1699 1699 1699
Java Java_Medium_Threat Unnormalize_Input_String Medium
Java Java_Medium_Threat Unsafe_Object_Binding Medium 5426 5426 5426 5426 5426 5426 5426 5426 5426 5426 5426
Java Java_Medium_Threat Unvalidated_Forwards Medium 2375 2375 2375 2375 2375 2375 2375 2375 2375 2375
Java Java_Medium_Threat Unvalidated_SSL_Certificate_Hostname Medium
Java Java_Medium_Threat Use_of_a_One_Way_Hash_with_a_Predictable_Salt Medium 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682 1682
Java Java_Medium_Threat Use_of_a_One_Way_Hash_without_a_Salt Medium 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683 1683
Java Java_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680 1680
Java Java_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 632 632 632 632 632 632 632 632 632 632 632 632 632 632 632 632 632 632 632
Java Java_Medium_Threat Use_of_Insufficiently_Random_Values Medium
Java Java_Medium_Threat Use_of_Native_Language Medium 624 624 624 624 624 624 624 624 624 624 624 624 624 624
Java Java_Medium_Threat XQuery_Injection Medium 3885 3885 3885 3885 3885 3885 3885 3885 3885 3885 3885 3885 3885 3885
Java Java_Potential Potential_Code_Injection Low
Java Java_Potential Potential_Command_Injection Low
Java Java_Potential Potential_Connection_String_Injection Low
Java Java_Potential Potential_GWT_Reflected_XSS Low
Java Java_Potential Potential_Hardcoded_password_in_Connection_String Low
Java Java_Potential Potential_I_Reflected_XSS_All_Clients Low
Java Java_Potential Potential_IO_Reflected_XSS_All_Clients Low
Java Java_Potential Potential_LDAP_Injection Low
Java Java_Potential Potential_O_Reflected_XSS_All_Clients Low
Java Java_Potential Potential_Parameter_Tampering Low
Java Java_Potential Potential_Resource_Injection Low
Java Java_Potential Potential_SQL_Injection Low
Java Java_Potential Potential_Stored_XSS Low
Java Java_Potential Potential_Use_of_Hard_coded_Cryptographic_Key Low
Java Java_Potential Potential_UTF7_XSS Low
Java Java_Potential Potential_XPath_Injection Low
Java Java_Potential Potential_XXE_Injection Low
Java Java_Spring Spring_Argon2_Insecure_Parameters Medium 6396 6396 6396 6396 6396 6396 6396 6396 6396
Java Java_Spring Spring_BCrypt_Insecure_Parameters Medium 6393 6393 6393 6393 6393 6393 6393 6393 6393
Java Java_Spring Spring_Comparison_Timing_Attack Medium 6388 6388 6388 6388 6388 6388
Java Java_Spring Spring_CSRF Medium 6817 6817 6817 6817 6817 6817 6817 6817 6817
Java Java_Spring Spring_defaultHtmlEscape_Not_True Low 1389 1389 1389 1389 1389 1389
Java Java_Spring Spring_Missing_Content_Security_Policy Low 6446 6446 6446 6446 6446 6446
Java Java_Spring Spring_Missing_Expect_CT_Header Low 6448 6448 6448 6448 6448 6448 6448 6448
Java Java_Spring Spring_Missing_Function_Level_Authorization Low 6391 6391 6391 6391 6391 6391
Java Java_Spring Spring_Missing_HSTS_Header Medium 6439 6439 6439 6439 6439 6439 6439
Java Java_Spring Spring_Missing_Object_Level_Authorization Information 6390 6390 6390 6390 6390
Java Java_Spring Spring_Missing_X_Content_Type_Options Low 6440 6440 6440 6440 6440 6440 6440 6440
Java Java_Spring Spring_Missing_X_Frame_Options Medium 6444 6444 6444 6444 6444 6444 6444
Java Java_Spring Spring_Missing_XSS_Protection_Header Low 6443 6443 6443 6443 6443 6443 6443 6443
Java Java_Spring Spring_ModelView_Injection Medium 644 644 644 644 644 644 644 644 644 644 644 644 644 644 644
Java Java_Spring Spring_Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 6430 6430 6430 6430 6430 6430
Java Java_Spring Spring_PBKDF2_Insecure_Parameters Medium 6392 6392 6392 6392 6392 6392
Java Java_Spring Spring_Permissive_Content_Security_Policy Low 6447 6447 6447 6447 6447 6447
Java Java_Spring Spring_SCrypt_Insecure_Parameters Medium 6397 6397 6397 6397 6397 6397 6397 6397 6397
Java Java_Spring Spring_Use_of_Broken_or_Risky_Cryptographic_Primitive Low 6387 6387 6387 6387 6387 6387 6387
Java Java_Spring Spring_Use_Of_Hardcoded_Password Low 6400 6400 6400 6400 6400 6400 6400 6400
Java Java_Spring Spring_View_SPEL_Injection High 6674 6674 6674 6674 6674
Java Java_Spring Spring_XSRF Medium
Java Java_Stored Stored_Boundary_Violation Low 2696 2696 2696 2696 2696 2696 2696 2696
Java Java_Stored Stored_Code_Injection Low 1684 1684 1684 1684 1684 1684 1684 1684 1684 1684 1684 1684 1684 1684 1684
Java Java_Stored Stored_HTTP_Response_Splitting Low 1685 1685 1685 1685 1685 1685 1685 1685 1685 1685 1685
Java Java_Stored Stored_Mongo_NoSQL_Injection Low 7238 7238 7238 7238 7238 7238
Java Java_Stored Stored_Open_Redirect Low 1686 1686 1686 1686 1686 1686 1686 1686 1686 1686
Java Java_Stored Stored_XPath_Injection Low 1687 1687 1687 1687 1687 1687 1687 1687 1687 1687 1687 1687 1687
Java Java_Struts Struts_Duplicate_Config_Files Low 658 658 658 658 658 658
Java Java_Struts Struts_Duplicate_Form_Bean Low 1705 1705 1705 1705 1705 1705
Java Java_Struts Struts_Duplicate_Validation_Files Low 659 659 659 659 659 659
Java Java_Struts Struts_Duplicate_Validation_Forms Low 660 660 660 660 660 660 660 660 660
Java Java_Struts Struts_Form_Does_Not_Extend_Validation_Class Medium 662 662 662 662 662 662 662 662 662 662 662 662
Java Java_Struts Struts_Form_Field_Without_Validator Low 663 663 663 663 663 663 663 663 663
Java Java_Struts Struts_Incomplete_Validate_Method_Definition Medium 661 661 661 661 661 661 661 661 661 661 661 661
Java Java_Struts Struts_Mapping_to_Missing_Form_Bean Low 1707 1707 1707 1707 1707 1707 1707 1707 1707 1707
Java Java_Struts Struts_Missing_Form_Bean_Name Information 1708
Java Java_Struts Struts_Missing_Form_Bean_Type Information 1709
Java Java_Struts Struts_Missing_Forward_Name Information 1710 1710 1710
Java Java_Struts Struts_Non_Private_Field_In_ActionForm_Class Low 664 664 664 664 664 664
Java Java_Struts Struts_Thread_Safety_Violation_In_Action_Class Low 665 665 665 665 665 665 665 665
Java Java_Struts Struts_Unused_Action_Form Information 1711 1711 1711
Java Java_Struts Struts_Unused_Validation_Form Low 2342 2342 2342 2342 2342 2342 2342 2342
Java Java_Struts Struts_Unvalidated_Action_Form Low 666 666 666 666 666 666 666 666 666
Java Java_Struts Struts_Use_of_Relative_Path_in_Config Information 1712
Java Java_Struts Struts_Validation_Turned_Off Medium 667 667 667 667 667 667 667 667 667 667 667 667 667
Java Java_Struts Struts_Validator_Without_Form_Field Low 668 668 668 668 668 668 668 668 668
Java Java_Struts Struts2_Action_Field_Without_Validator Low 2336 2336 2336 2336 2336 2336 2336 2336 2336
Java Java_Struts Struts2_Duplicate_Action_Field_Validators Low 2337 2337 2337 2337 2337 2337 2337 2337
Java Java_Struts Struts2_Duplicate_Validators Low 2338 2338 2338 2338 2338 2338 2338 2338
Java Java_Struts Struts2_Undeclared_Validator Information 2339 2339 2339 2339 2339
Java Java_Struts Struts2_Validation_File_Without_Action Information 2340 2340 2340 2340 2340
Java Java_Struts Struts2_Validator_Without_Action_Field Information 2341 2341 2341 2341 2341
JavaScript JavaScript_Angular Angular_Client_DOM_XSS High 5330 5330 5330 5330 5330 5330 5330 5330 5330 5330 5330 5330 5330
JavaScript JavaScript_Angular Angular_Client_Stored_DOM_XSS High 5331 5331 5331 5331 5331 5331 5331 5331 5331 5331 5331 5331 5331
JavaScript JavaScript_Angular Angular_Deprecated_API Low 5270 5270 5270 5270 5270 5270 5270
JavaScript JavaScript_Angular Angular_Improper_Type_Pipe_Usage Medium 5265 5265 5265 5265 5265 5265
JavaScript JavaScript_Angular Angular_Usage_of_Unsafe_DOM_Sanitizer Low 5266 5266 5266 5266 5266 5266 5266 5266 5266 5266
JavaScript JavaScript_AWS_Lambda DynamoDB_NoSQL_Injection High 7261 7261 7261 7261 7261 7261 7261 7261 7261
JavaScript JavaScript_AWS_Lambda Permission_Manipulation_in_S3 Medium 7272 7272 7272 7272 7272 7272 7272 7272 7272
JavaScript JavaScript_AWS_Lambda Race_Condition_Global_Scope Medium 7273 7273 7273 7273 7273 7273 7273
JavaScript JavaScript_AWS_Lambda Unrestricted_Read_S3 Low 7259 7259 7259 7259 7259 7259 7259 7259
JavaScript JavaScript_AWS_Lambda Unrestricted_Write_S3 Low 7260 7260 7260 7260 7260 7260 7260 7260
JavaScript JavaScript_AWS_Lambda User_Based_SDK_Configurations Low 7263 7263 7263 7263 7263
JavaScript JavaScript_Best_Coding_Practice Avoid_the_Use_of_FinalizationRegistry Information 7301 7301 7301
JavaScript JavaScript_Best_Coding_Practice Avoid_the_Use_of_WeakRef Information 7302 7302 7302
JavaScript JavaScript_Best_Coding_Practice Hardcoded_Absolute_Path Information 2974 2974 2974 2974 2974 2974 2974
JavaScript JavaScript_Best_Coding_Practice React_Multiple_Classes_With_Same_Name Information 5916 5916
JavaScript JavaScript_Best_Coding_Practice Use_Of_Multiple_Mixins Information 4585
JavaScript JavaScript_Cordova Cordova_Code_Injection Medium 4001 4001 4001 4001 4001 4001 4001 4001 4001 4001 4001
JavaScript JavaScript_Cordova Cordova_File_Disclosure Medium 4002 4002 4002 4002 4002 4002 4002 4002 4002 4002 4002
JavaScript JavaScript_Cordova Cordova_File_Manipulation Medium 4003 4003 4003 4003 4003 4003 4003 4003 4003 4003 4003
JavaScript JavaScript_Cordova Cordova_Insufficient_Domain_Whitelist Low 5340 5340 5340 5340 5340 5340 5340
JavaScript JavaScript_Cordova Cordova_Missing_Content_Security_Policy Low 5345 5345 5345 5345 5345 5345 5345
JavaScript JavaScript_Cordova Cordova_Open_Redirect Medium 4004 4004 4004 4004 4004 4004 4004 4004 4004 4004
JavaScript JavaScript_Cordova Cordova_Permissive_Content_Security_Policy Low 5344 5344 5344 5344 5344 5344 5344
JavaScript JavaScript_Cordova Cordova_Privacy_Violation Medium 4015 4015 4015 4015 4015 4015 4015 4015 4015 4015
JavaScript JavaScript_High_Risk Client_DOM_Code_Injection High 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414 2414
JavaScript JavaScript_High_Risk Client_DOM_Stored_Code_Injection High 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559 2559
JavaScript JavaScript_High_Risk Client_DOM_Stored_XSS High 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560 2560
JavaScript JavaScript_High_Risk Client_DOM_XSS High 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415 2415
JavaScript JavaScript_High_Risk Client_Dynamic_File_Inclusion High 7522 7522 7522 7522 7522 7522 7522 7522
JavaScript JavaScript_High_Risk Client_Resource_Injection High 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607 2607
JavaScript JavaScript_High_Risk Client_Second_Order_Sql_Injection High
JavaScript JavaScript_High_Risk Client_SQL_Injection High
JavaScript JavaScript_High_Risk Deserialization_of_Untrusted_Data High 6090 6090 6090 6090 6090 6090 6090 6090 6090 6090 6090
JavaScript JavaScript_High_Risk Prototype_Pollution High 7120 7120 7120 7120 7120 7120
JavaScript JavaScript_Jelly Jelly_Injection High 4179 4179 4179 4179 4179 4179 4179 4179 4179 4179 4179 4179 4179 4179
JavaScript JavaScript_Jelly Jelly_XSS High 4180 4180 4180 4180 4180 4180 4180 4180 4180 4180 4180 4180 4180
JavaScript Javascript_Kony Kony_Code_Injection High 4508 4508 4508 4508 4508 4508 4508 4508 4508 4508 4508
JavaScript Javascript_Kony Kony_Deprecated_Functions Information 4489 4489 4489 4489
JavaScript Javascript_Kony Kony_Hardcoded_EncryptionKey Medium 4488 4488 4488 4488 4488 4488 4488 4488 4488 4488 4488
JavaScript Javascript_Kony Kony_Information_Leakage High 4487 4487 4487 4487 4487 4487 4487 4487 4487 4487 4487
JavaScript Javascript_Kony Kony_Path_Injection High 4486 4486 4486 4486 4486 4486 4486 4486 4486 4486 4486
JavaScript Javascript_Kony Kony_Reflected_XSS High
JavaScript Javascript_Kony Kony_Second_Order_SQL_Injection High 4484 4484 4484 4484 4484 4484 4484 4484 4484 4484 4484
JavaScript Javascript_Kony Kony_SQL_Injection High 4483 4483 4483 4483 4483 4483 4483 4483 4483 4483 4483
JavaScript Javascript_Kony Kony_Stored_Code_Injection High 4509 4509 4509 4509 4509 4509 4509 4509 4509 4509 4509
JavaScript Javascript_Kony Kony_Stored_XSS High
JavaScript Javascript_Kony Kony_Unsecure_Browser_Configuration High 4481 4481 4481 4481 4481 4481 4481 4481
JavaScript Javascript_Kony Kony_Unsecure_iOSBrowser_Configuration High
JavaScript Javascript_Kony Kony_URL_Injection Medium 4479 4479 4479 4479 4479 4479 4479 4479 4479 4479
JavaScript Javascript_Kony Kony_Use_WeakEncryption Medium 4478 4478 4478 4478 4478 4478 4478 4478 4478 4478
JavaScript Javascript_Kony Kony_Use_WeakHash Medium 4477 4477 4477 4477 4477 4477 4477 4477
JavaScript Javascript_Lightning Lightning_Aura_Attribute_With_Object_Type Information 6510
JavaScript Javascript_Lightning Lightning_Component_Bad_Naming Information 6571
JavaScript Javascript_Lightning Lightning_Data_Retrieval_Without_Wire_Decorator Information 6572
JavaScript Javascript_Lightning Lightning_DOM_XSS High 5808 5808 5808 5808 5808 5808 5808 5808 5808 5808
JavaScript Javascript_Lightning Lightning_Dynamic_Href_In_Anchor_Tag Information 6509
JavaScript Javascript_Lightning Lightning_Stored_XSS High 5809 5809 5809 5809 5809 5809 5809 5809 5809 5809 5809
JavaScript Javascript_Lightning Lightning_Use_of_Aura_Component Information 6573
JavaScript Javascript_Lightning Lightning_Use_of_LWC_Event_Bubbling Information 6574
JavaScript Javascript_Lightning Lightning_Use_of_Same_Controller_Method_In_Different_Components Information 6575
JavaScript JavaScript_Low_Visibility Client_Cookies_Inspection Low 2404 2404 2404 2404 2404 2404 2404
JavaScript JavaScript_Low_Visibility Client_Cross_Session_Contamination Low 2615 2615 2615 2615 2615 2615 2615 2615 2615 2615 2615 2615
JavaScript JavaScript_Low_Visibility Client_DOM_Open_Redirect Low 2411 2411 2411 2411 2411 2411 2411 2411 2411 2411 2411 2411 2411
JavaScript JavaScript_Low_Visibility Client_Empty_Password Low 2552 2552 2552 2552 2552 2552 2552 2552 2552 2552 2552 2552 2552
JavaScript JavaScript_Low_Visibility Client_Hardcoded_Domain Low 3908 3908 3908 3908 3908 3908 3908 3908 3908 3908 3908 3908
JavaScript JavaScript_Low_Visibility Client_Heuristic_Poor_XSS_Validation Low
JavaScript JavaScript_Low_Visibility Client_HTML5_Easy_To_Guess_Database_Name Low 3909 3909 3909 3909 3909 3909 3909 3909 3909 3909
JavaScript JavaScript_Low_Visibility Client_HTML5_Heuristic_Session_Insecure_Storage Low
JavaScript JavaScript_Low_Visibility Client_Insecure_Randomness Low 2553 2553 2553 2553 2553 2553 2553 2553 2553 2553
JavaScript JavaScript_Low_Visibility Client_Insufficient_Key_Size Low
JavaScript JavaScript_Low_Visibility Client_JQuery_Deprecated_Symbols Low 2405 2405 2405 2405 2405 2405 2405 2405 2405
JavaScript JavaScript_Low_Visibility Client_Located_JQuery_Outdated_Lib_File Low
JavaScript JavaScript_Low_Visibility Client_Negative_Content_Length Low 2555 2555 2555 2555 2555 2555 2555 2555
JavaScript JavaScript_Low_Visibility Client_Null_Password Low 3917 3917 3917 3917 3917 3917 3917 3917 3917 3917 3917
JavaScript JavaScript_Low_Visibility Client_Overly_Permissive_Message_Posting Low 2616 2616 2616 2616 2616 2616
JavaScript JavaScript_Low_Visibility Client_Password_In_Comment Low 2600 2600 2600 2600 2600 2600 2600 2600 2600 2600 2600 2600
JavaScript JavaScript_Low_Visibility Client_Password_Weak_Encryption Low
JavaScript JavaScript_Low_Visibility Client_Potential_Ad_Hoc_Ajax Low 2558 2558 2558 2558 2558 2558 2558 2558 2558 2558 2558
JavaScript JavaScript_Low_Visibility Client_Potential_DOM_Open_Redirect Low 3705 3705 3705 3705 3705 3705 3705 3705 3705 3705 3705
JavaScript JavaScript_Low_Visibility Client_Potential_ReDoS_In_Match Low 2407 2407 2407 2407 2407 2407 2407 2407 2407 2407 2407
JavaScript JavaScript_Low_Visibility Client_Potential_ReDoS_In_Replace Low 2408 2408 2408 2408 2408 2408 2408 2408 2408 2408 2408
JavaScript JavaScript_Low_Visibility Client_Regex_Injection Low 2722 2722 2722 2722 2722 2722 2722 2722 2722 2722 2722 2722
JavaScript JavaScript_Low_Visibility Client_Remote_File_Inclusion Low 2606 2606 2606 2606 2606 2606 2606 2606 2606 2606 2606 2606 2606 2606
JavaScript JavaScript_Low_Visibility Client_Server_Empty_Password Low 2727 2727 2727 2727 2727 2727 2727 2727 2727 2727 2727 2727
JavaScript JavaScript_Low_Visibility Client_Use_Of_Deprecated_SQL_Database Low 2617 2617 2617 2617 2617 2617 2617
JavaScript JavaScript_Low_Visibility Client_Use_Of_Iframe_Without_Sandbox Low 2618 2618 2618 2618 2618 2618 2618 2618 2618 2618 2618 2618 2618
JavaScript JavaScript_Low_Visibility Client_Weak_Cryptographic_Hash Low 2556 2556 2556 2556 2556 2556 2556 2556 2556 2556 2556 2556 2556 2556
JavaScript JavaScript_Low_Visibility Client_Weak_Encryption Low 2557 2557 2557 2557 2557 2557 2557 2557 2557 2557 2557 2557 2557
JavaScript JavaScript_Low_Visibility Client_Weak_Password_Authentication Low 2413 2413 2413 2413 2413 2413 2413 2413 2413 2413
JavaScript JavaScript_Low_Visibility Information_Exposure_Through_Query_Strings Low 5153 5153 5153 5153 5153 5153 5153
JavaScript JavaScript_Low_Visibility Insufficiently_Protected_Credentials Low 4646 4646 4646 4646 4646 4646 4646 4646 4646 4646 4646 4646
JavaScript JavaScript_Low_Visibility Not_Using_a_Random_IV Low 6826 6826 6826 6826 6826 6826
JavaScript JavaScript_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 5418 5418 5418 5418 5418 5418 5418
JavaScript JavaScript_Low_Visibility Potential_Clickjacking_on_Legacy_Browsers Low 2612 2612 2612 2612 2612 2612 2612 2612 2612 2612 2612
JavaScript JavaScript_Low_Visibility React_Deprecated Low 4552 4552 4552 4552 4552 4552 4552
JavaScript JavaScript_Low_Visibility Unsafe_Use_Of_Target_blank Low 4505 4505 4505 4505 4505 4505 4505 4505 4505
JavaScript JavaScript_Low_Visibility Use_Of_Controlled_Input_On_Sensitive_Field Low 5450 5450 5450 5450 5450 5450
JavaScript JavaScript_Medium_Threat AngularJS_SCE_Disabled Medium 6071 6071 6071 6071 6071 6071 6071 6071
JavaScript JavaScript_Medium_Threat Client_Cross_Frame_Scripting_Attack Medium
JavaScript JavaScript_Medium_Threat Client_CSS_Injection Medium 4548 4548 4548 4548 4548 4548 4548 4548 4548
JavaScript JavaScript_Medium_Threat Client_DB_Parameter_Tampering Medium
JavaScript JavaScript_Medium_Threat Client_DOM_Cookie_Poisoning Medium 2540 2540 2540 2540 2540 2540 2540 2540 2540 2540 2540
JavaScript JavaScript_Medium_Threat Client_DOM_CSRF Medium
JavaScript JavaScript_Medium_Threat Client_DoS_By_Sleep Medium 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400
JavaScript JavaScript_Medium_Threat Client_Header_Manipulation Medium
JavaScript JavaScript_Medium_Threat Client_HTML5_Information_Exposure Medium 2550 2550 2550 2550 2550 2550 2550 2550 2550 2550 2550 2550 2550 2550
JavaScript JavaScript_Medium_Threat Client_HTML5_Insecure_Storage Medium 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725 2725
JavaScript JavaScript_Medium_Threat Client_HTML5_Store_Sensitive_data_In_Web_Storage Medium 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551 2551
JavaScript JavaScript_Medium_Threat Client_Path_Manipulation Medium
JavaScript JavaScript_Medium_Threat Client_Potential_Code_Injection Medium 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075 3075
JavaScript JavaScript_Medium_Threat Client_Potential_XSS Medium 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719 2719
JavaScript JavaScript_Medium_Threat Client_Privacy_Violation Medium 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601 2601
JavaScript JavaScript_Medium_Threat Client_ReDoS_From_Regex_Injection Medium 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521 2521
JavaScript JavaScript_Medium_Threat Client_ReDoS_In_Match Medium 2402 2402 2402 2402 2402 2402 2402 2402 2402 2402 2402 2402 2402 2402 2402
JavaScript JavaScript_Medium_Threat Client_ReDos_In_RegExp Medium 2718 2718 2718 2718 2718 2718 2718 2718 2718 2718 2718 2718 2718 2718
JavaScript JavaScript_Medium_Threat Client_ReDoS_In_Replace Medium 2510 2510 2510 2510 2510 2510 2510 2510 2510 2510 2510 2510 2510 2510
JavaScript JavaScript_Medium_Threat Client_Reflected_File_Download Medium
JavaScript JavaScript_Medium_Threat Client_Sandbox_Allows_Scripts_With_Same_Origin Medium 3050 3050 3050 3050 3050 3050 3050 3050 3050 3050 3050 3050
JavaScript JavaScript_Medium_Threat Client_Untrusted_Activex Medium 2401 2401 2401 2401 2401 2401 2401 2401 2401
JavaScript JavaScript_Medium_Threat Client_Use_Of_JQuery_Deprecated_Version Medium
JavaScript JavaScript_Medium_Threat Client_XPATH_Injection Medium 2721 2721 2721 2721 2721 2721 2721 2721 2721 2721 2721 2721 2721 2721
JavaScript JavaScript_Medium_Threat CSV_Injection Medium 6100 6100 6100 6100 6100 6100 6100 6100 6100 6100 6100
JavaScript JavaScript_Medium_Threat Frameable_Login_Page Medium 4683 4683 4683 4683 4683 4683 4683 4683 4683 4683 4683 4683
JavaScript JavaScript_Medium_Threat Insecure_Value_of_the_SameSite_Cookie_Attribute_in_Code Medium 7663 7663 7663 7663 7663
JavaScript JavaScript_Medium_Threat JWT_Sensitive_Information_Exposure Medium 6579 6579 6579 6579 6579 6579 6579
JavaScript JavaScript_Medium_Threat JWT_Use_Of_Hardcoded_Secret Medium 6578 6578 6578 6578 6578 6578 6578 6578 6578
JavaScript JavaScript_Medium_Threat Missing_HSTS_Header Medium 5404 5404 5404 5404 5404 5404 5404 5404 5404 5404
JavaScript JavaScript_Medium_Threat Unchecked_Input_For_Loop_Condition Medium 6632 6632 6632 6632 6632 6632 6632 6632 6632 6632 6632
JavaScript JavaScript_Medium_Threat XML_External_Entities_XXE Medium 6086 6086 6086 6086 6086 6086 6086 6086
JavaScript JavaScript_ReactNative Clipboard_Information_Leakage Low 6229 6229 6229 6229 6229 6229 6229 6229 6229 6229
JavaScript JavaScript_ReactNative Insecure_Text_Entry Medium 6228 6228 6228 6228 6228 6228 6228 6228 6228
JavaScript JavaScript_ReactNative Insufficient_Transport_Layer_Security Medium 6233 6233 6233 6233 6233 6233 6233 6233 6233 6233 6233
JavaScript JavaScript_ReactNative Missing_Root_Or_Jailbreak_Check Low 6219 6219 6219 6219 6219 6219 6219 6219 6219 6219
JavaScript JavaScript_ReactNative Unencrypted_Sensitive_Data_Storage Medium 6230 6230 6230 6230 6230 6230 6230 6230 6230 6230
JavaScript JavaScript_SAPUI5 Client_Manual_CSRF_Token_Handling Low 4542 4542 4542 4542 4542 4542 4542 4542 4542
JavaScript JavaScript_SAPUI5 Client_Manual_XHR_Handling Information 4541
JavaScript JavaScript_SAPUI5 SAPUI5_Custom_OData_Model Information 4545
JavaScript JavaScript_SAPUI5 SAPUI5_Deprecated_Symbols Low 4540 4540 4540 4540 4540 4540 4540
JavaScript JavaScript_SAPUI5 SAPUI5_Hardcoded_UserId_In_Comments Medium
JavaScript JavaScript_SAPUI5 SAPUI5_OData_Call_Without_Batch_Mode Information 4580
JavaScript JavaScript_SAPUI5 SAPUI5_Potential_Malicious_File_Upload Low 4532 4532 4532 4532 4532 4532 4532 4532 4532
JavaScript JavaScript_SAPUI5 SAPUI5_Use_Of_Hardcoded_URL Medium 6083 6083 6083 6083 6083 6083 6083 6083
JavaScript JavaScript_Server_Side_Vulnerabilities Absolute_Path_Traversal Medium 6737 6737 6737 6737 6737 6737 6737 6737 6737 6737 6737 6737 6737 6737
JavaScript JavaScript_Server_Side_Vulnerabilities Cleartext_Storage_Of_Sensitive_Information Medium 4170 4170 4170 4170 4170 4170 4170 4170 4170 4170 4170 4170 4170 4170
JavaScript JavaScript_Server_Side_Vulnerabilities Code_Injection High 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967 2967
JavaScript JavaScript_Server_Side_Vulnerabilities Command_Injection High 6412 6412 6412 6412 6412 6412 6412 6412 6412 6412 6412 6412 6412
JavaScript JavaScript_Server_Side_Vulnerabilities Comparing_instead_of_Assigning Information 2968
JavaScript JavaScript_Server_Side_Vulnerabilities Cookie_Poisoning Medium 4171 4171 4171 4171 4171 4171 4171 4171 4171 4171 4171 4171
JavaScript JavaScript_Server_Side_Vulnerabilities CSRF Medium 3929 3929 3929 3929 3929 3929 3929 3929 3929 3929 3929 3929 3929 3929 3929
JavaScript JavaScript_Server_Side_Vulnerabilities Divide_By_Zero Low 2969 2969 2969 2969
JavaScript JavaScript_Server_Side_Vulnerabilities Dynamic_File_Inclusion Information 2970 2970 2970 2970 2970 2970 2970 2970 2970 2970
JavaScript JavaScript_Server_Side_Vulnerabilities Excessive_Data_Exposure Medium 6623 6623 6623 6623 6623 6623 6623
JavaScript JavaScript_Server_Side_Vulnerabilities Expression_is_Always_False Information 2972
JavaScript JavaScript_Server_Side_Vulnerabilities Expression_is_Always_True Information 2973
JavaScript JavaScript_Server_Side_Vulnerabilities Hardcoded_password_in_Connection_String Medium 2975 2975 2975 2975 2975 2975 2975 2975 2975 2975 2975
JavaScript JavaScript_Server_Side_Vulnerabilities HTTP_Response_Splitting Medium
JavaScript JavaScript_Server_Side_Vulnerabilities Information_Exposure_Through_an_Error_Message Low 7310 7310 7310 7310 7310 7310 7310 7310
JavaScript JavaScript_Server_Side_Vulnerabilities Information_Exposure_Through_Directory_Listing Low 4172 4172 4172 4172 4172 4172 4172
JavaScript JavaScript_Server_Side_Vulnerabilities Information_Exposure_Through_Log_Files Low 4173 4173 4173 4173 4173 4173 4173
JavaScript JavaScript_Server_Side_Vulnerabilities Insecure_Direct_Object_References High
JavaScript JavaScript_Server_Side_Vulnerabilities Insecure_Storage_of_Sensitive_Data High 6413 6413 6413 6413 6413 6413
JavaScript JavaScript_Server_Side_Vulnerabilities JSON_Hijacking Low 3924 3924 3924 3924 3924 3924 3924 3924 3924
JavaScript JavaScript_Server_Side_Vulnerabilities JWT_Excessive_Expiration_Time Low 6615 6615 6615 6615 6615 6615 6615
JavaScript JavaScript_Server_Side_Vulnerabilities JWT_Lack_Of_Expiration_Time Medium 6577 6577 6577 6577 6577 6577 6577 6577
JavaScript JavaScript_Server_Side_Vulnerabilities JWT_No_Expiration_Time_Validation Medium 6594 6594 6594 6594 6594 6594 6594 6594
JavaScript JavaScript_Server_Side_Vulnerabilities JWT_No_NotBefore_Validation Low 6598 6598 6598 6598 6598 6598
JavaScript JavaScript_Server_Side_Vulnerabilities JWT_No_Signature_Verification High 6593 6593 6593 6593 6593 6593 6593 6593 6593
JavaScript JavaScript_Server_Side_Vulnerabilities JWT_Use_Of_None_Algorithm Low 6581 6581 6581 6581 6581 6581 6581 6581
JavaScript JavaScript_Server_Side_Vulnerabilities Log_Forging Low 4174 4174 4174 4174 4174 4174 4174 4174 4174 4174 4174 4174
JavaScript JavaScript_Server_Side_Vulnerabilities Missing_CSP_Header Low 4033 4033 4033 4033 4033 4033 4033 4033 4033 4033
JavaScript JavaScript_Server_Side_Vulnerabilities Missing_Default_Case_In_Switch_Statement Information 2977
JavaScript JavaScript_Server_Side_Vulnerabilities Missing_Encryption_of_Sensitive_Data Medium 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128 4128
JavaScript JavaScript_Server_Side_Vulnerabilities MongoDB_NoSQL_Injection High 6093 6093 6093 6093 6093 6093 6093 6093
JavaScript JavaScript_Server_Side_Vulnerabilities Null_Password Low 3935 3935 3935 3935 3935 3935 3935 3935
JavaScript JavaScript_Server_Side_Vulnerabilities Omitted_Break_Statement_In_Switch Information 2978
JavaScript JavaScript_Server_Side_Vulnerabilities Open_Redirect Low 3926 3926 3926 3926 3926 3926 3926 3926 3926 3926 3926 3926 3926 3926
JavaScript JavaScript_Server_Side_Vulnerabilities Parameter_Tampering Medium 2979 2979 2979 2979 2979 2979 2979 2979 2979 2979 2979 2979 2979
JavaScript JavaScript_Server_Side_Vulnerabilities Password_Weak_Encryption Low 3916 3916 3916 3916 3916 3916 3916 3916 3916 3916 3916
JavaScript JavaScript_Server_Side_Vulnerabilities Plaintext_Storage_of_a_Password Medium 2981 2981 2981 2981 2981 2981 2981 2981 2981 2981 2981 2981 2981 2981
JavaScript JavaScript_Server_Side_Vulnerabilities Poor_Database_Access_Control Low 3920 3920 3920 3920 3920 3920 3920 3920 3920 3920 3920 3920
JavaScript JavaScript_Server_Side_Vulnerabilities Potentially_Vulnerable_To_CSRF Low 3922 3922 3922 3922 3922 3922 3922 3922 3922
JavaScript JavaScript_Server_Side_Vulnerabilities Privacy_Violation Medium 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928 3928
JavaScript JavaScript_Server_Side_Vulnerabilities ReDoS_in_RegExp Medium 4005 4005 4005 4005 4005 4005 4005 4005 4005 4005 4005 4005 4005 4005
JavaScript JavaScript_Server_Side_Vulnerabilities Reflected_XSS High 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982 2982
JavaScript JavaScript_Server_Side_Vulnerabilities Relative_Path_Traversal Medium 2980 2980 2980 2980 2980 2980 2980 2980 2980 2980 2980 2980 2980 2980
JavaScript JavaScript_Server_Side_Vulnerabilities Second_Order_SQL_Injection High 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983 2983
JavaScript JavaScript_Server_Side_Vulnerabilities Security_Misconfiguration High 3906 3906 3906
JavaScript JavaScript_Server_Side_Vulnerabilities Sensitive_Information_Over_HTTP Medium 7499 7499 7499 7499 7499 7499 7499 7499
JavaScript JavaScript_Server_Side_Vulnerabilities Server_DoS_by_Loop Medium 3939 3939 3939 3939 3939 3939 3939 3939 3939
JavaScript JavaScript_Server_Side_Vulnerabilities Server_DoS_by_Sleep Medium 3940 3940 3940 3940 3940 3940 3940 3940 3940 3940
JavaScript JavaScript_Server_Side_Vulnerabilities SQL_Injection High 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984 2984
JavaScript JavaScript_Server_Side_Vulnerabilities SSL_Verification_Bypass Medium 3583 3583 3583 3583 3583 3583 3583 3583 3583 3583 3583 3583
JavaScript JavaScript_Server_Side_Vulnerabilities SSRF Medium 7496 7496 7496 7496 7496 7496 7496
JavaScript JavaScript_Server_Side_Vulnerabilities Stored_Code_Injection Medium 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985 2985
JavaScript JavaScript_Server_Side_Vulnerabilities Stored_Path_Traversal Medium 2986 2986 2986 2986 2986 2986 2986 2986 2986 2986 2986 2986 2986 2986
JavaScript JavaScript_Server_Side_Vulnerabilities Stored_XSS High 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987 2987
JavaScript JavaScript_Server_Side_Vulnerabilities Uncontrolled_Format_String Information 2988 2988 2988 2988 2988 2988 2988 2988 2988 2988 2988 2988 2988
JavaScript JavaScript_Server_Side_Vulnerabilities Unprotected_Cookie Low 3934 3934 3934 3934 3934 3934 3934 3934 3934 3934 3934
JavaScript JavaScript_Server_Side_Vulnerabilities Unrestricted_File_Upload Low 6628 6628 6628 6628 6628 6628 6628 6628 6628 6628 6628 6628
JavaScript JavaScript_Server_Side_Vulnerabilities Unsafe_Object_Binding Medium 6660 6660 6660 6660 6660 6660 6660 6660 6660
JavaScript JavaScript_Server_Side_Vulnerabilities Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 2989 2989 2989 2989 2989 2989 2989 2989 2989 2989 2989 2989 2989 2989 2989
JavaScript JavaScript_Server_Side_Vulnerabilities Use_of_Deprecated_or_Obsolete_Functions Low 2990 2990 2990 2990 2990 2990
JavaScript JavaScript_Server_Side_Vulnerabilities Use_Of_Hardcoded_Password Low 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933 3933
JavaScript JavaScript_Server_Side_Vulnerabilities Use_Of_HTTP_Sensitive_Data_Exposure Low 3930 3930 3930 3930 3930 3930 3930 3930 3930 3930 3930 3930 3930
JavaScript JavaScript_Server_Side_Vulnerabilities Use_of_Insufficiently_Random_Values Medium 2991 2991 2991 2991 2991 2991 2991 2991 2991 2991 2991 2991 2991 2991 2991
JavaScript JavaScript_Vue Declaration_of_Multiple_Vue_Components_per_File Information 6242
JavaScript JavaScript_Vue Declaration_of_Vue_Component_Data_as_Property Information 6240
JavaScript JavaScript_Vue Inconsistent_Component_Top_Level_Elements_Ordering Information 6245
JavaScript JavaScript_Vue Inconsistent_use_of_Directive_Shorthands Information 6365
JavaScript JavaScript_Vue Use_of_Implicit_Types_on_Vue_Component_Props Information 6241
JavaScript JavaScript_Vue Use_of_Single_Word_Named_Vue_Components Information 6243
JavaScript JavaScript_Vue Use_of_vif_and_vfor_On_Same_Element Information 6322
JavaScript JavaScript_Vue Vue_DOM_XSS High 6196 6196 6196 6196 6196 6196 6196 6196 6196
JavaScript JavaScript_XS XS_Code_Injection High 4100 4100 4100 4100 4100 4100 4100 4100 4100 4100 4100 4100
JavaScript JavaScript_XS XS_CSRF Medium 4114 4114 4114 4114 4114 4114 4114 4114 4114 4114 4114
JavaScript JavaScript_XS XS_Log_Injection Low 4101 4101 4101 4101 4101 4101 4101 4101 4101
JavaScript JavaScript_XS XS_Open_Redirect Medium 4102 4102 4102 4102 4102 4102 4102 4102 4102 4102 4102
JavaScript JavaScript_XS XS_Overly_Permissive_CORS Low 4103 4103 4103 4103 4103 4103 4103 4103 4103
JavaScript JavaScript_XS XS_Parameter_Tampering Medium 4104 4104 4104 4104 4104 4104 4104 4104 4104
JavaScript JavaScript_XS XS_Potentially_Vulnerable_To_Clickjacking Low 4105 4105 4105 4105 4105 4105 4105 4105 4105 4105 4105
JavaScript JavaScript_XS XS_Reflected_XSS High 4106 4106 4106 4106 4106 4106 4106 4106 4106 4106 4106 4106
JavaScript JavaScript_XS XS_Response_Splitting Medium 4107 4107 4107 4107 4107 4107 4107 4107 4107 4107
JavaScript JavaScript_XS XS_Second_Order_SQL_Injection High 4108 4108 4108 4108 4108 4108 4108 4108 4108 4108 4108 4108
JavaScript JavaScript_XS XS_SQL_Injection High 4109 4109 4109 4109 4109 4109 4109 4109 4109 4109 4109 4109
JavaScript JavaScript_XS XS_Stored_Code_Injection High 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110
JavaScript JavaScript_XS XS_Stored_XSS High 4111 4111 4111 4111 4111 4111 4111 4111 4111 4111 4111 4111
JavaScript JavaScript_XS XS_Unencrypted_Data_Transfer Low 4112 4112 4112 4112 4112 4112 4112 4112 4112 4112 4112
JavaScript JavaScript_XS XS_Use_Of_Hardcoded_URL Medium 4113 4113 4113 4113 4113 4113 4113 4113 4113 4113 4113 4113
JavaScript JavasScript_Visualforce_Remoting VF_Remoting_Client_Potential_Code_Injection Medium 3707 3707 3707 3707 3707 3707 3707 3707 3707 3707 3707 3707 3707 3707 3707
JavaScript JavasScript_Visualforce_Remoting VF_Remoting_Client_Potential_CSRF Medium
JavaScript JavasScript_Visualforce_Remoting VF_Remoting_Client_Potential_XSS Medium 3709 3709 3709 3709 3709 3709 3709 3709 3709 3709 3709 3709 3709 3709
Kotlin Kotlin_Android Accessible_Content_Provider Low
Kotlin Kotlin_Android Allowed_Backup Information 5638 5638 5638 5638 5638
Kotlin Kotlin_Android Client_Side_Injection Medium 5840 5840 5840 5840 5840
Kotlin Kotlin_Android Client_Side_ReDoS Low 5897 5897 5897 5897 5897
Kotlin Kotlin_Android Communication_Over_HTTP Medium 5694 5694 5694 5694 5694
Kotlin Kotlin_Android Copy_Paste_Buffer_Caching Low 5915 5915 5915 5915 5915
Kotlin Kotlin_Android Debuggable_App Low 5639 5639 5639 5639 5639
Kotlin Kotlin_Android DeviceId_Authentication Low 5691 5691 5691 5691 5691
Kotlin Kotlin_Android Exported_Content_Provider_Without_Protective_Permissions Medium 7678 7678 7678 7678 7678
Kotlin Kotlin_Android Exported_Service_Without_Permissions Medium
Kotlin Kotlin_Android Exported_Service_Without_Protective_Permissions Medium 7676 7676 7676 7676 7676
Kotlin Kotlin_Android Failure_to_Implement_Least_Privilege Low 5685 5685 5685 5685 5685
Kotlin Kotlin_Android Hardcoded_Password_In_Gradle Low 5648 5648 5648 5648 5648
Kotlin Kotlin_Android Implicit_Intent_With_Read_Write_Permissions Low 7666 7666 7666 7666 7666
Kotlin Kotlin_Android Improper_Certificate_Validation Medium 5821 5821 5821 5821 5821
Kotlin Kotlin_Android Improper_Verification_Of_Intent_By_Broadcast_Receiver Medium 5873 5873 5873 5873 5873
Kotlin Kotlin_Android Insecure_Android_SDK_Version Low 5641 5641 5641 5641 5641
Kotlin Kotlin_Android Insecure_Cipher_Mode Information 5719 5719 5719 5719 5719
Kotlin Kotlin_Android Insecure_Data_Storage_Usage Medium 5807 5807 5807 5807 5807
Kotlin Kotlin_Android Insecure_HTTP_Connections_Enabled Low 7537 7537 7537 7537
Kotlin Kotlin_Android Insecure_Sensitive_Data_Storage Low 5806 5806 5806 5806 5806
Kotlin Kotlin_Android Insecure_WebView_Usage High 5872 5872 5872 5872 5872
Kotlin Kotlin_Android Missing_Rooted_Device_Check Low 5687 5687 5687 5687 5687
Kotlin Kotlin_Android Non_Encrypted_Data_Storage Low 5901 5901 5901 5901 5901
Kotlin Kotlin_Android Passing_Non_Encrypted_Data_Between_Activities Low 5891 5891 5891 5891 5891
Kotlin Kotlin_Android Privacy_Violation Medium 5825 5825 5825 5825 5825
Kotlin Kotlin_Android ProGuard_Obfuscation_Not_In_Use Low 5649 5649 5649 5649 5649
Kotlin Kotlin_Android Reuse_of_Cryptographic_Key Low 5904 5904 5904 5904 5904
Kotlin Kotlin_Android Screen_Caching Low 5835 5835 5835 5835 5835
Kotlin Kotlin_Android Sensitive_Information_Over_HTTP High 5764 5764 5764 5764 5764
Kotlin Kotlin_Android Unsafe_Permission_Check Medium 5862 5862 5862 5862 5862
Kotlin Kotlin_Android Use_Of_Implicit_Intent_For_Sensitive_Communication Medium 5882 5882 5882 5882 5882
Kotlin Kotlin_Android Use_of_WebView_AddJavascriptInterface High 5653 5653 5653 5653 5653
Kotlin Kotlin_Android WebView_Cache_Information_Leak Information 5889 5889 5889 5889 5889
Kotlin Kotlin_Android Webview_DOM_XSS Information 5767 5767 5767 5767 5767
Kotlin Kotlin_Best_Coding_Practice Potential_Usage_of_Vulnerable_Log4J Information 7053 7053 7053 7053 7053 7053 7053
Kotlin Kotlin_High_Risk Code_Injection High 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318 6318
Kotlin Kotlin_High_Risk Command_Injection High 6416 6416 6416 6416 6416 6416 6416 6416 6416 6416 6416 6416 6416 6416
Kotlin Kotlin_High_Risk Connection_String_Injection High 6324 6324 6324 6324 6324 6324 6324 6324 6324 6324 6324 6324 6324 6324 6324
Kotlin Kotlin_High_Risk Deserialization_of_Untrusted_Data High 6453 6453 6453 6453 6453 6453 6453 6453 6453 6453 6453 6453
Kotlin Kotlin_High_Risk Expression_Language_Injection_MVEL High 7694 7694 7694 7694 7694
Kotlin Kotlin_High_Risk Expression_Language_Injection_SPEL High 7735 7735 7735 7735 7735
Kotlin Kotlin_High_Risk LDAP_Injection High 7691 7691 7691 7691 7691 7691 7691
Kotlin Kotlin_High_Risk Reflected_XSS High 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280 6280
Kotlin Kotlin_High_Risk Resource_Injection High 7700 7700 7700 7700 7700 7700 7700
Kotlin Kotlin_High_Risk Second_Order_SQL_Injection High 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616 6616
Kotlin Kotlin_High_Risk SQL_Injection High 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300 6300
Kotlin Kotlin_High_Risk Stored_XSS High 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286 6286
Kotlin Kotlin_High_Risk Unsafe_Reflection High 7738 7738 7738 7738 7738
Kotlin Kotlin_High_Risk XPath_Injection High 6652 6652 6652 6652 6652 6652 6652 6652 6652 6652 6652 6652 6652 6652 6652
Kotlin Kotlin_Low_Visibility Command_Argument_Injection Low 6469 6469 6469 6469 6469 6469 6469
Kotlin Kotlin_Low_Visibility Deprecated_API Low 7144 7144 7144 7144 7144 7144
Kotlin Kotlin_Low_Visibility JWT_Excessive_Expiration_Time Low 6659 6659 6659 6659 6659 6659
Kotlin Kotlin_Low_Visibility JWT_Use_Of_None_Algorithm Low 6619 6619 6619 6619 6619 6619 6619
Kotlin Kotlin_Low_Visibility Password_In_Comment Low 6599 6599 6599 6599 6599 6599 6599 6599 6599 6599 6599 6599
Kotlin Kotlin_Low_Visibility Stored_Command_Argument_Injection Low 6470 6470 6470 6470 6470 6470 6470
Kotlin Kotlin_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 6666 6666 6666 6666 6666 6666 6666 6666 6666 6666 6666 6666 6666 6666
Kotlin Kotlin_Low_Visibility Use_of_Hardcoded_Password Low 7667 7667 7667 7667 7667 7667 7667
Kotlin Kotlin_Low_Visibility Use_of_Non_Cryptographic_Random Low 6639 6639 6639 6639 6639 6639
Kotlin Kotlin_Low_Visibility Use_of_RSA_Algorithm_without_OAEP Low 6627 6627 6627 6627 6627 6627 6627 6627 6627 6627
Kotlin Kotlin_Low_Visibility Use_of_Unsafe_JNI Low 7791 7791 7791
Kotlin Kotlin_Medium_Threat Cleartext_Submission_of_Sensitive_Information Medium 7780 7780 7780 7780
Kotlin Kotlin_Medium_Threat DoS_by_Sleep Medium 7904 7904 7904 7904
Kotlin Kotlin_Medium_Threat Excessive_Data_Exposure Medium 7905 7905 7905 7905
Kotlin Kotlin_Medium_Threat Frameable_Login_Page Medium 7927 7927 7927 7927
Kotlin Kotlin_Medium_Threat Hardcoded_password_in_Connection_String Medium 7746 7746 7746 7746
Kotlin Kotlin_Medium_Threat HttpOnlyCookies Medium 7696 7696 7696 7696 7696 7696
Kotlin Kotlin_Medium_Threat Improper_Locking Medium 7785 7785 7785 7785
Kotlin Kotlin_Medium_Threat JWT_Lack_Of_Expiration_Time Medium 6620 6620 6620 6620 6620 6620 6620
Kotlin Kotlin_Medium_Threat JWT_No_Signature_Verification Medium 6618 6618 6618 6618 6618 6618 6618 6618
Kotlin Kotlin_Medium_Threat JWT_Sensitive_Information_Exposure Medium 6640 6640 6640 6640 6640 6640
Kotlin Kotlin_Medium_Threat JWT_Use_Of_Hardcoded_Secret Medium 6644 6644 6644 6644 6644 6644 6644 6644 6644
Kotlin Kotlin_Medium_Threat Missing_HSTS_Header Medium 7832 7832 7832 7832
Kotlin Kotlin_Medium_Threat Missing_Secure_In_Code Medium 7788 7788 7788 7788
Kotlin Kotlin_Medium_Threat Parameter_Tampering Medium 7794 7794 7794 7794
Kotlin Kotlin_Medium_Threat Plaintext_Storage_of_a_Password Medium 6686 6686 6686 6686 6686 6686 6686 6686 6686 6686 6686 6686 6686 6686
Kotlin Kotlin_Medium_Threat Privacy_Violation Medium 7774 7774 7774 7774
Kotlin Kotlin_Medium_Threat Reliance_on_Cookies_without_Validation Medium 7924 7924 7924 7924
Kotlin Kotlin_Medium_Threat Same_Seed_in_PRNG Medium 6645 6645 6645 6645 6645 6645 6645 6645 6645 6645 6645 6645 6645
Kotlin Kotlin_Medium_Threat SSRF Medium 7778 7778 7778 7778
Kotlin Kotlin_Medium_Threat Stored_Command_Injection Medium 6467 6467 6467 6467 6467 6467 6467 6467 6467 6467 6467 6467 6467
Kotlin Kotlin_Medium_Threat Stored_LDAP_Injection Medium 7737 7737 7737 7737 7737 7737 7737
Kotlin Kotlin_Medium_Threat Unchecked_Input_for_Loop_Condition Medium 6932 6932 6932 6932 6932 6932 6932
Kotlin Kotlin_Medium_Threat Unsafe_Object_Binding Medium 7793 7793 7793 7793
Kotlin Kotlin_Medium_Threat Use_of_a_One_Way_Hash_with_a_Predictable_Salt Medium 7739 7739 7739 7739 7739 7739 7739
Kotlin Kotlin_Medium_Threat Use_of_a_One_Way_Hash_without_a_Salt Medium 6677 6677 6677 6677 6677 6677 6677 6677 6677 6677 6677 6677 6677 6677 6677
Kotlin Kotlin_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 7712 7712 7712 7712 7712 7712 7712
Kotlin Kotlin_Medium_Threat Use_of_Hardcoded_Cryptographic_Key Medium 5815 5815 5815 5815 5815 5815 5815 5815 5815 5815 5815 5815
Kotlin Kotlin_Spring Spring_ModelView_Injection Medium 7928 7928 7928 7928
Kotlin Kotlin_Spring Spring_View_Manipulation High 6679 6679 6679 6679 6679 6679
Lua Lua_Best_Coding_Practice Use_of_Evil_Regex Information 8227 8227
Lua Lua_Best_Coding_Practice Use_of_Native_Language Information 8243 8243
Lua Lua_High_Risk Arbitrary_File_Write High 8023 8023 8023 8023
Lua Lua_High_Risk Code_Injection High 7814 7814 7814 7814
Lua Lua_High_Risk Command_Injection High 7961 7961 7961 7961
Lua Lua_High_Risk Connection_String_Injection High 7819 7819 7819 7819
Lua Lua_High_Risk Dangerous_File_Inclusion High 7820 7820 7820 7820
Lua Lua_High_Risk Deserialization_of_Untrusted_Data High 8154 8154 8154 8154
Lua Lua_High_Risk Insufficiently_Secure_Password_Storage_Algorithm_Parameters High 7769 7769 7769 7769
Lua Lua_High_Risk JWT_No_Signature_Verification High 7770 7770 7770 7770
Lua Lua_High_Risk Reflected_XSS_All_Clients High 7830 7830 7830 7830
Lua Lua_High_Risk Resource_Injection High 7816 7816 7816 7816
Lua Lua_High_Risk Second_Order_SQL_Injection High 7823 7823 7823 7823
Lua Lua_High_Risk SQL_Injection High 7822 7822 7822 7822
Lua Lua_High_Risk Stored_Code_Injection High 7815 7815 7815 7815
Lua Lua_High_Risk Stored_Command_Injection High 7962 7962 7962 7962
Lua Lua_High_Risk Stored_XSS High 7827 7827 7827 7827
Lua Lua_Low_Visibility Command_Argument_Injection Low 7963 7963 7963
Lua Lua_Low_Visibility Cookie_Overly_Broad_Path Low 7753 7753 7753
Lua Lua_Low_Visibility Dangerous_File_Extension Low 8025 8025 8025
Lua Lua_Low_Visibility Empty_password_in_Connection_String Low 7818 7818 7818
Lua Lua_Low_Visibility Exposure_of_System_Data Low 7972 7972 7972
Lua Lua_Low_Visibility Hardcoded_AWS_Credentials Low 7973 7973 7973
Lua Lua_Low_Visibility Heap_Inspection Low 8083 8083 8083
Lua Lua_Low_Visibility Improper_Exception_Handling Low 8077 8077 8077
Lua Lua_Low_Visibility Improper_Resource_Shutdown_or_Release Low 8071 8071 8071
Lua Lua_Low_Visibility Information_Exposure_Through_Server_Log Low 7987 7987 7987
Lua Lua_Low_Visibility Insufficient_Session_Expiration Low 7996 7996 7996
Lua Lua_Low_Visibility JWT_Excessive_Expiration_Time Low 7989 7989 7989
Lua Lua_Low_Visibility JWT_No_Expiration_Time_Validation Low 7990 7990 7990
Lua Lua_Low_Visibility JWT_No_NotBefore_Validation Low 7918 7918 7918
Lua Lua_Low_Visibility Leaving_Temporary_File Low 7974 7974 7974
Lua Lua_Low_Visibility Log_Forging Low 8079 8079 8079
Lua Lua_Low_Visibility Missing_Content_Security_Policy Low 8226 8226 8226
Lua Lua_Low_Visibility Missing_Framing_Policy Low 7991 7991 7991
Lua Lua_Low_Visibility Missing_HSTS_Header Low 8153 8153 8153
Lua Lua_Low_Visibility Missing_Password_Field_Masking_Node Low 8022 8022 8022
Lua Lua_Low_Visibility Null_Pointer_Dereference Low 8064 8064 8064
Lua Lua_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 8019 8019 8019
Lua Lua_Low_Visibility Password_In_Comment Low 8024 8024 8024
Lua Lua_Low_Visibility Path_Traversal_Evasion_Attack_via_Replace Low 8020 8020 8020
Lua Lua_Low_Visibility PCI_Data_Exposure Low 8120 8120 8120
Lua Lua_Low_Visibility PCI_Data_Exposure_in_Error_Messages Low 8148 8148 8148
Lua Lua_Low_Visibility PCI_Data_Exposure_in_Files Low 8125 8125 8125
Lua Lua_Low_Visibility PCI_Data_Exposure_in_JWT Low 8149 8149 8149
Lua Lua_Low_Visibility PCI_Data_Exposure_in_Logs Low 8121 8121 8121
Lua Lua_Low_Visibility PCI_Data_Exposure_in_URL Low 8146 8146 8146
Lua Lua_Low_Visibility Permissive_Content_Security_Policy Low 8078 8078 8078
Lua Lua_Low_Visibility Privacy_Violation_in_Error_Messages Low 8102 8102 8102
Lua Lua_Low_Visibility Privacy_Violation_in_Files Low 8082 8082 8082
Lua Lua_Low_Visibility Privacy_Violation_in_JWT Low 7981 7981 7981 7981
Lua Lua_Low_Visibility Privacy_Violation_in_Logs Low 8085 8085 8085
Lua Lua_Low_Visibility Privacy_Violation_in_URL Low 8110 8110 8110
Lua Lua_Low_Visibility Reliance_on_DNS_Lookups_in_a_Decision Low 7975 7975 7975
Lua Lua_Low_Visibility Secret_Leak_in_Error_Messages Low 8116 8116 8116
Lua Lua_Low_Visibility Secret_Leak_in_Files Low 8111 8111 8111
Lua Lua_Low_Visibility Secret_Leak_in_Logs Low 8118 8118 8118
Lua Lua_Low_Visibility Secret_Leak_in_URL Low 8119 8119 8119
Lua Lua_Low_Visibility Server_Information_Exposure Low 8151 8151 8151
Lua Lua_Low_Visibility Server_Information_Exposure_via_Misconfiguration Low 8152 8152 8152
Lua Lua_Low_Visibility Stored_Command_Argument_Injection Low 7964 7964 7964
Lua Lua_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 8028 8028 8028
Lua Lua_Low_Visibility Uncontrolled_Format_String Low 7976 7976 7976
Lua Lua_Low_Visibility Unrestricted_Read_S3 Low 7977 7977 7977
Lua Lua_Low_Visibility Use_Of_Hardcoded_Password Low 8026 8026 8026
Lua Lua_Low_Visibility Use_Of_Hardcoded_Password_In_Config Low 8147 8147 8147
Lua Lua_Low_Visibility Use_of_Non_Cryptographic_Random Low 7978 7978 7978
Lua Lua_Low_Visibility Using_Referer_Field_for_Authentication Low 7980 7980 7980
Lua Lua_Low_Visibility XSS_Evasion_Attack_via_Replace Low 8021 8021 8021
Lua Lua_Medium_Threat Absolute_Path_Traversal Medium 8013 8013 8013 8013
Lua Lua_Medium_Threat Broken_or_Risky_Encryption_Algorithm Medium 8063 8063 8063 8063
Lua Lua_Medium_Threat Broken_or_Risky_Hashing_Function Medium 7994 7994 7994 7994
Lua Lua_Medium_Threat CSRF Medium 8168 8168 8168 8168
Lua Lua_Medium_Threat DoS_by_Sleep Medium 7919 7919 7919 7919
Lua Lua_Medium_Threat DoS_from_Evil_Regex Medium 7970 7970 7970 7970
Lua Lua_Medium_Threat DoS_from_RegEx_Injection Medium 7969 7969 7969 7969
Lua Lua_Medium_Threat Encoding_Used_Instead_of_Encryption Medium 7988 7988 7988 7988
Lua Lua_Medium_Threat Excessive_Data_Exposure Medium 8122 8122 8122 8122
Lua Lua_Medium_Threat Hardcoded_Cryptographic_IV Medium 7915 7915 7915 7915
Lua Lua_Medium_Threat Hardcoded_Cryptographic_Key Medium 7914 7914 7914 7914
Lua Lua_Medium_Threat Hardcoded_password_in_Connection_String Medium 7817 7817 7817 7817
Lua Lua_Medium_Threat Hardcoded_Salt Medium 7768 7768 7768 7768
Lua Lua_Medium_Threat Hashing_Length_Extension_Attack Medium 8124 8124 8124 8124
Lua Lua_Medium_Threat HttpOnly_Cookie_Flag_Not_Set Medium 7754 7754 7754 7754
Lua Lua_Medium_Threat Insecure_Asymmetric_Cryptographic_Algorithm_Parameters Medium 7985 7985 7985 7985
Lua Lua_Medium_Threat Insecure_Value_of_the_SameSite_Cookie_Attribute Medium 7755 7755 7755 7755
Lua Lua_Medium_Threat JWT_Lack_of_Expiration_Time Medium 7771 7771 7771 7771
Lua Lua_Medium_Threat JWT_Use_Of_Hardcoded_Secret Medium 7824 7824 7824 7824
Lua Lua_Medium_Threat Misconfigured_HSTS_Header Medium 8076 8076 8076 8076
Lua Lua_Medium_Threat Missing_Encryption_of_Sensitive_Data Medium 7992 7992 7992 7992
Lua Lua_Medium_Threat Open_Redirect Medium 7923 7923 7923 7923
Lua Lua_Medium_Threat Parameter_Tampering Medium 8067 8067 8067 8067
Lua Lua_Medium_Threat Plaintext_Storage_of_a_Password Medium 7921 7921 7921 7921
Lua Lua_Medium_Threat Privacy_Violation Medium 8075 8075 8075 8075
Lua Lua_Medium_Threat Race_Condition Medium 8065 8065 8065 8065
Lua Lua_Medium_Threat Relative_Path_Traversal Medium 8014 8014 8014 8014
Lua Lua_Medium_Threat Secret_Leak Medium 8109 8109 8109 8109
Lua Lua_Medium_Threat Secret_Leak_in_JWT Medium 8117 8117 8117 8117
Lua Lua_Medium_Threat Secure_Cookie_Flag_Not_Set Medium 7756 7756 7756 7756
Lua Lua_Medium_Threat Sensitive_Information_Exposure_in_Cleartext_Channel Medium 8027 8027 8027 8027
Lua Lua_Medium_Threat Session_Fixation Medium 8017 8017 8017 8017
Lua Lua_Medium_Threat SSL_Verification_Bypass Medium 7993 7993 7993 7993
Lua Lua_Medium_Threat SSRF Medium 7971 7971 7971 7971
Lua Lua_Medium_Threat Stored_Absolute_Path_Traversal Medium 8015 8015 8015 8015
Lua Lua_Medium_Threat Stored_Dangerous_File_Inclusion Medium 7821 7821 7821 7821
Lua Lua_Medium_Threat Stored_Relative_Path_Traversal Medium 8016 8016 8016 8016
Lua Lua_Medium_Threat Unchecked_Input_for_Loop_Condition Medium 8030 8030 8030 8030
Lua Lua_Medium_Threat Uncontrolled_Memory_Allocation Medium 7995 7995 7995 7995
Lua Lua_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 7920 7920 7920 7920
Objc Apple_Secure_Coding_Guide Buffer_Size_Literal Information 3090 3090 3090 3090 3090 3090
Objc Apple_Secure_Coding_Guide Buffer_Size_Literal_Condition Low 3633 3633 3633 3633 3633 3633 3633 3633 3633 3633
Objc Apple_Secure_Coding_Guide Buffer_Size_Literal_Overflow High 3634 3634 3634 3634 3634 3634 3634 3634 3634 3634 3634 3634
Objc Apple_Secure_Coding_Guide Improper_Implementation_of_NSSecureCoding High 3587 3587 3587 3587 3587 3587 3587 3587 3587 3587 3587 3587 3587
Objc Apple_Secure_Coding_Guide Jailbreak_File_Referenced_By_Name Low 3608 3608 3608 3608 3608 3608 3608 3608 3608 3608
Objc Apple_Secure_Coding_Guide Jailbreak_Unchecked_File_Operation_Result_Code Low 3609 3609 3609 3609 3609 3609 3609
Objc Apple_Secure_Coding_Guide NSPredicate_Injection High 3593 3593 3593 3593 3593 3593 3593 3593 3593 3593 3593 3593 3593 3593
Objc Apple_Secure_Coding_Guide NSPredicate_Injection_Via_Deserialization High 3594 3594 3594 3594 3594 3594 3594 3594 3594 3594 3594 3594 3594 3594 3594
Objc Apple_Secure_Coding_Guide Path_Manipulation Medium 3624 3624 3624 3624 3624 3624 3624 3624 3624 3624 3624 3624 3624
Objc Apple_Secure_Coding_Guide Signed_Memory_Arithmetic High 3592 3592 3592 3592 3592 3592 3592 3592 3592 3592 3592 3592
Objc Apple_Secure_Coding_Guide UDP_Protocol_Used Information 3611 3611 3611 3611
Objc Apple_Secure_Coding_Guide Unchecked_CString_Convertion Low 3610 3610 3610 3610 3610 3610 3610
Objc Apple_Secure_Coding_Guide Unscrubbed_Secret Low 3626 3626 3626 3626 3626 3626 3626 3626 3626
Objc Apple_Secure_Coding_Guide Unsecure_Deserialization High 3588 3588 3588 3588 3588 3588 3588 3588 3588 3588 3588 3588 3588 3588 3588
Objc Apple_Secure_Coding_Guide URL_Injection Low 3596 3596 3596 3596 3596 3596 3596 3596 3596 3596 3596 3596 3596
Objc ObjectiveC_Best_Coding_Practice Dead_Code Information 2920 2920
Objc ObjectiveC_Best_Coding_Practice Dynamic_SQL_Queries Information 3938 3938 3938 3938 3938 3938 3938 3938 3938 3938 3938 3938
Objc ObjectiveC_Best_Coding_Practice Empty_Methods Information 2921 2921 2921 2921 2921
Objc ObjectiveC_Best_Coding_Practice Expression_is_Always_False Information 2798 2798
Objc ObjectiveC_Best_Coding_Practice Expression_is_Always_True Information 2799 2799
Objc ObjectiveC_Best_Coding_Practice Missing_Colon_In_Selector Information 2856 2856 2856
Objc ObjectiveC_High_Risk App_Transport_Security_Bypass High 4732 4732 4732 4732 4732 4732 4732 4732 4732 4732 4732
Objc ObjectiveC_High_Risk Deserialization_of_Untrusted_Data High 4735 4735 4735 4735 4735 4735 4735 4735 4735 4735 4735 4735 4735 4735
Objc ObjectiveC_High_Risk Information_Exposure_Through_Extension High 3867 3867 3867 3867 3867 3867 3867 3867 3867 3867 3867 3867 3867 3867
Objc ObjectiveC_High_Risk Reflected_XSS_All_Clients High 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183 2183
Objc ObjectiveC_High_Risk Second_Order_SQL_Injection High 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184 2184
Objc ObjectiveC_High_Risk SQL_Injection High 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185 2185
Objc ObjectiveC_High_Risk Stored_XSS High 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186 2186
Objc ObjectiveC_High_Risk Third_Party_Keyboards_On_Sensitive_Field High 3866 3866 3866 3866 3866 3866 3866 3866 3866 3866 3866 3866
Objc ObjectiveC_High_Risk Universal_XSS High 4728 4728 4728 4728 4728 4728 4728 4728 4728 4728 4728
Objc ObjectiveC_High_Risk Unsafe_Reflection High 2187 2187 2187 2187 2187 2187 2187 2187 2187 2187 2187 2187 2187 2187
Objc ObjectiveC_Low_Visibility Allowed_Backup Low 5320 5320 5320 5320 5320 5320
Objc ObjectiveC_Low_Visibility Empty_Password Low 2794 2794 2794 2794 2794 2794 2794 2794 2794 2794
Objc ObjectiveC_Low_Visibility Functions_Apple_Recommends_To_Avoid Low 2851 2851 2851 2851 2851 2851 2851 2851
Objc ObjectiveC_Low_Visibility Heap_Inspection Low 2911 2911 2911 2911 2911 2911 2911 2911 2911 2911 2911 2911 2911
Objc ObjectiveC_Low_Visibility Improper_Resource_Shutdown_or_Release Low 2912 2912 2912 2912 2912 2912 2912 2912 2912
Objc ObjectiveC_Low_Visibility Incorrect_Initialization Low 2852 2852 2852 2852 2852
Objc ObjectiveC_Low_Visibility Information_Exposure_Through_an_Error_Message Low 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795 2795
Page 26 of 35
Checkmarx VULNERABILITY QUERIES PER PRESET v9.6.2
Objc ObjectiveC_Low_Visibility Information_Leak_Through_Response_Caching Low 5299 5299 5299 5299 5299 5299
Objc ObjectiveC_Low_Visibility Insufficient_Encryption_Key_Size Low 2913 2913 2913 2913 2913 2913 2913 2913 2913 2913
Objc ObjectiveC_Low_Visibility iOS_Improper_Resource_Release_Shutdown Low 3937 3937 3937 3937 3937 3937
Objc ObjectiveC_Low_Visibility Log_Forging Low 2188 2188 2188 2188 2188 2188 2188 2188 2188 2188 2188 2188 2188 2188
Objc ObjectiveC_Low_Visibility Memory_Leak Low 2914 2914 2914 2914 2914 2914 2914 2914 2914
Objc ObjectiveC_Low_Visibility Missing_Certificate_Pinning Low 4899 4899 4899 4899 4899 4899 4899 4899
Objc ObjectiveC_Low_Visibility Missing_Device_Lock_Verification Low 4787 4787 4787 4787 4787 4787 4787 4787
Objc ObjectiveC_Low_Visibility Missing_Jailbreak_Check Low 5296 5296 5296 5296 5296 5296 5296 5296 5296
Objc ObjectiveC_Low_Visibility Null_Password Low 2915 2915 2915 2915 2915 2915 2915 2915 2915
Objc ObjectiveC_Low_Visibility Password_In_Comment Low 4414 4414 4414 4414 4414 4414 4414 4414 4414 4414 4414 4414 4414
Objc ObjectiveC_Low_Visibility Plain_Text_Transport_Layer Low 4895 4895 4895 4895 4895 4895 4895
Objc ObjectiveC_Low_Visibility Poor_Authorization_and_Authentication Low 2189 2189 2189 2189 2189 2189 2189 2189 2189 2189 2189 2189
Objc ObjectiveC_Low_Visibility Potential_ReDoS Low 2190 2190 2190 2190 2190 2190 2190 2190 2190 2190 2190 2190 2190
Objc ObjectiveC_Low_Visibility Sensitive_Data_In_Temp_Folders Low 2916 2916 2916 2916 2916 2916 2916
Objc ObjectiveC_Low_Visibility Third_Party_Keyboard_Enabled Low 3865 3865 3865 3865 3865 3865 3865 3865 3865
Objc ObjectiveC_Low_Visibility Unchecked_Return_Value Low 2917 2917 2917 2917 2917 2917 2917 2917 2917
Objc ObjectiveC_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221 2221
Objc ObjectiveC_Low_Visibility Use_of_Hardcoded_Cryptographic_Key Low 2918 2918 2918 2918 2918 2918 2918 2918 2918 2918 2918 2918
Objc ObjectiveC_Low_Visibility Use_of_Hardcoded_Password Low 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796 2796
Objc ObjectiveC_Low_Visibility Use_of_Insufficiently_Random_Values Low 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919 2919
Objc ObjectiveC_Low_Visibility Use_of_Obsolete_Functions Low 2797 2797 2797 2797 2797 2797 2797 2797 2797
Objc ObjectiveC_Medium_Threat Autocorrection_Keystroke_Logging Medium 3843 3843 3843 3843 3843 3843 3843 3843 3843 3843 3843
Objc ObjectiveC_Medium_Threat Cut_And_Paste_Leakage Medium 2191 2191 2191 2191 2191 2191 2191 2191 2191 2191 2191 2191 2191
Objc ObjectiveC_Medium_Threat Format_String_Attack Medium 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906 2906
Objc ObjectiveC_Medium_Threat Improper_Certificate_Validation Medium 2907 2907 2907 2907 2907 2907 2907 2907 2907 2907 2907 2907
Objc ObjectiveC_Medium_Threat Information_Exposure_Through_Query_String Medium 2908 2908 2908 2908 2908 2908 2908 2908 2908 2908 2908 2908
Objc ObjectiveC_Medium_Threat Insecure_Data_Storage Medium 2192 2192 2192 2192 2192 2192 2192 2192 2192 2192 2192 2192 2192
Objc ObjectiveC_Medium_Threat Insufficient_Transport_Layer_Input Medium 2193 2193 2193 2193 2193 2193 2193 2193 2193 2193 2193 2193 2193
Objc ObjectiveC_Medium_Threat Insufficient_Transport_Layer_Output Medium 2909 2909 2909 2909 2909 2909 2909 2909 2909 2909 2909 2909
Objc ObjectiveC_Medium_Threat Missing_Encryption_of_Sensitive_Data Medium 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905 2905
Objc ObjectiveC_Medium_Threat Parameter_Tampering Medium 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857 2857
Objc ObjectiveC_Medium_Threat Path_Traversal Medium 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194 2194
Objc ObjectiveC_Medium_Threat ReDoS Medium 2195 2195 2195 2195 2195 2195 2195 2195 2195 2195
Objc ObjectiveC_Medium_Threat Screen_Caching Medium 2910 2910 2910 2910 2910 2910 2910 2910
Objc ObjectiveC_Medium_Threat Side_Channel_Data_Leakage Medium 2196 2196 2196 2196 2196 2196 2196 2196 2196 2196 2196 2196 2196
Objc ObjectiveC_Medium_Threat XML_External_Entity Medium 2197 2197 2197 2197 2197 2197 2197 2197 2197 2197 2197 2197
Perl Perl_Best_Coding_Practice Empty_Methods Information 2026 2026 2026 2026 2026 2026
Perl Perl_Best_Coding_Practice Hardcoded_Absolute_Path Information 2019 2019 2019 2019 2019 2019 2019 2019
Perl Perl_Best_Coding_Practice Prepending_Leading_Zeroes_To_Integer_Literals Information 2027 2027 2027
Perl Perl_Best_Coding_Practice Reusing_Variable_Names_In_Subscopes Information 2063 2063 2063 2063 2063
Perl Perl_Best_Coding_Practice Using_Perl4_Package_Names Information 2064 2064 2064 2064 2064
Perl Perl_Best_Coding_Practice Using_Subroutine_Prototypes Information 2031
Perl Perl_High_Risk Code_Injection High 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011 2011
Perl Perl_High_Risk Command_Injection High 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012
Perl Perl_High_Risk Connection_String_Injection High 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013 2013
Perl Perl_High_Risk LDAP_Injection High 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763 2763
Perl Perl_High_Risk Reflected_XSS_All_Clients High 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014 2014
Perl Perl_High_Risk Remote_File_Inclusion High 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020
Perl Perl_High_Risk Resource_Injection High 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015 2015
Perl Perl_High_Risk Second_Order_SQL_Injection High 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016 2016
Perl Perl_High_Risk SQL_Injection High 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017
Perl Perl_High_Risk Stored_XSS High 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018 2018
Perl Perl_Low_Visibility Import_of_Deprecated_Modules Low 2039 2039 2039 2039 2039 2039 2039
Perl Perl_Low_Visibility Improper_Filtering_of_Special_Elements Low 2054 2054 2054 2054
Perl Perl_Low_Visibility Information_Exposure_Through_an_Error_Message Low 2065 2065 2065 2065 2065 2065 2065 2065 2065 2065 2065 2065 2065 2065 2065
Perl Perl_Low_Visibility Log_Forging Low 2040 2040 2040 2040 2040 2040 2040 2040 2040 2040 2040 2040 2040 2040
Perl Perl_Low_Visibility Not_Checking_Regular_Expressions_Results Low 2066 2066 2066 2066 2066 2066 2066
Perl Perl_Low_Visibility Overloading_Reserved_Keywords_or_Subroutines Low 2041 2041 2041 2041 2041 2041 2041 2041
Perl Perl_Low_Visibility Permissive_Regular_Expression Low 2056 2056 2056 2056 2056
Perl Perl_Low_Visibility Prohibit_Indirect_Object_Call_Syntax Low 2067 2067 2067 2067 2067 2067
Perl Perl_Low_Visibility Signifying_Inheritence_At_Runtime Low 2068 2068 2068 2068 2068 2068 2068 2068 2068
Perl Perl_Low_Visibility Unchecked_Return_Value Low 2058 2058 2058 2058 2058 2058 2058
Perl Perl_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046 2046
Perl Perl_Low_Visibility Use_of_Deprecated_or_Obsolete_Functions Low 2069 2069 2069 2069 2069 2069 2069
Perl Perl_Low_Visibility Variables_Outside_The_Scope_of_a_Regex Low 2042 2042 2042 2042
Perl Perl_Medium_Threat CSRF Medium 2048 2048 2048 2048 2048 2048 2048 2048 2048 2048 2048 2048 2048 2048 2048
Perl Perl_Medium_Threat DoS_by_Sleep Medium 2022 2022 2022 2022 2022 2022 2022 2022 2022 2022 2022 2022 2022 2022 2022
Perl Perl_Medium_Threat Improper_Restriction_of_XXE_Ref Medium 4119 4119 4119 4119 4119 4119 4119 4119 4119 4119 4119 4119 4119 4119
Perl Perl_Medium_Threat Missing_Encryption_of_Sensitive_Data Medium 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043 2043
Perl Perl_Medium_Threat Parameter_Tampering Medium 4137 4137 4137 4137 4137 4137 4137 4137 4137 4137 4137 4137 4137 4137
Perl Perl_Medium_Threat Path_Traversal Medium 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059 2059
Perl Perl_Medium_Threat Privacy_Violation Medium 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107 2107
Perl Perl_Medium_Threat Stored_Code_Injection Medium 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024 2024
Perl Perl_Medium_Threat Stored_Command_Injection Medium 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044 2044
Perl Perl_Medium_Threat Stored_LDAP_Injection Medium 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762 2762
Perl Perl_Medium_Threat Stored_Path_Traversal Medium 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057 2057
Perl Perl_Medium_Threat Uncontrolled_Format_String Medium 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070 2070
Perl Perl_Medium_Threat Uncontrolled_Memory_Allocation Medium 2060 2060 2060 2060 2060 2060 2060 2060 2060
Perl Perl_Medium_Threat Unprotected_Transport_of_Credentials Medium 2045 2045 2045 2045 2045 2045 2045 2045 2045 2045 2045 2045 2045
Perl Perl_Medium_Threat Use_Of_Hardcoded_Password Medium 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061 2061
Perl Perl_Medium_Threat Use_of_Two_Argument_Form_of_Open Medium 2047 2047 2047 2047 2047 2047 2047 2047 2047 2047 2047 2047
PHP PHP_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 1353 1353 1353 1353 1353 1353
PHP PHP_Best_Coding_Practice Detection_of_Error_Condition_Without_Action Information 1352 1352 1352 1352 1352 1352 1352
PHP PHP_Best_Coding_Practice Exposure_of_Resource_to_Wrong_Sphere Information 1356 1356 1356 1356 1356 1356
PHP PHP_Best_Coding_Practice Hardcoded_Absolute_Path Information 1342 1342 1342 1342 1342 1342 1342 1342
PHP PHP_Best_Coding_Practice Outdated_Encryption_Algorithm Information 8101 8101
PHP PHP_Best_Coding_Practice Outdated_Hashing_Function Information 8100 8100
PHP PHP_Best_Coding_Practice Possible_Global_Variable_Overwrite Information 4538 4538
PHP PHP_Best_Coding_Practice Unchecked_Error_Condition Information 1351 1351 1351 1351 1351 1351 1351
PHP PHP_Best_Coding_Practice Unclosed_Objects Information 1355
PHP PHP_Best_Coding_Practice Use_of_Evil_Regex Information 8214 8214
PHP PHP_Best_Coding_Practice Use_Of_Namespace Information 2322 2322 2322 2322 2322
PHP PHP_Best_Coding_Practice Use_Of_Private_Static_Variable Information 2323 2323 2323 2323 2323
PHP PHP_Best_Coding_Practice Use_Of_Super_GLOBALS Information 2324
PHP PHP_High_Risk Absolute_Path_Traversal High 8053 8053 8053 8053
PHP PHP_High_Risk Code_Injection High 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312 1312
PHP PHP_High_Risk Command_Injection High 1313 1313 1313 1313 1313 1313 1313 1313 1313 1313 1313 1313 1313 1313 1313
PHP PHP_High_Risk Dangerous_File_Inclusion High 7572 7572 7572 7572
PHP PHP_High_Risk Dangerous_File_Upload High 8031 8031 8031 8031
PHP PHP_High_Risk Deserialization_of_Untrusted_Data High 5425 5425 5425 5425 5425 5425 5425 5425 5425 5425 5425 5425
PHP PHP_High_Risk Insufficiently_Secure_Password_Storage_Algorithm_Parameters High 8044 8044 8044 8044
PHP PHP_High_Risk JWT_No_Signature_Verification High 7933 7933 7933 7933
PHP PHP_High_Risk JWT_Use_Of_None_Algorithm High 7931 7931 7931 7931
PHP PHP_High_Risk LDAP_Injection High 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404 1404
PHP PHP_High_Risk MongoDB_NoSQL_Injection High 7573 7573 7573 7573
PHP PHP_High_Risk Reflected_XSS High 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314 1314
PHP PHP_High_Risk Second_Order_SQL_Injection High 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316 1316
PHP PHP_High_Risk Server_Side_Template_Injection High 8042 8042 8042 8042
PHP PHP_High_Risk SQL_Injection High 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317 1317
PHP PHP_High_Risk Stored_Absolute_Path_Traversal High 8045 8045 8045 8045
PHP PHP_High_Risk Stored_XPath_Injection High 3484 3484 3484 3484 3484 3484 3484 3484 3484 3484 3484 3484 3484 3484 3484
PHP PHP_High_Risk Stored_XSS High 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318 1318
PHP PHP_High_Risk Unsafe_Reflection High 1405 1405 1405 1405 1405 1405 1405 1405 1405 1405 1405 1405 1405 1405
PHP PHP_High_Risk XPath_Injection High 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406 1406
PHP PHP_Low_Visibility Command_Argument_Injection Low 8094 8094 8094
PHP PHP_Low_Visibility Comparison_Timing_Attack Low 8098 8098 8098
PHP PHP_Low_Visibility Cookie_Overly_Broad_Path Low 8095 8095 8095
PHP PHP_Low_Visibility Cookie_Overly_Broad_Path_In_Config Low 8096 8096 8096
PHP PHP_Low_Visibility Deprecated_Functions Low 4723 4723 4723 4723 4723 4723 4723
PHP PHP_Low_Visibility Error_Messages_Misconfiguration Low 8097 8097 8097
PHP PHP_Low_Visibility Hardcoded_Public_Key Low 8041 8041 8041
PHP PHP_Low_Visibility Improper_Exception_Handling Low 1344 1344 1344 1344 1344 1344 1344 1344 1344 1344 1344
PHP PHP_Low_Visibility Improper_Transaction_Handling Low 1345 1345 1345 1345 1345
PHP PHP_Low_Visibility Information_Exposure_Through_an_Error_Message Low 1349 1349 1349 1349 1349 1349 1349 1349 1349 1349 1349 1349 1349 1349 1349
PHP PHP_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 1347 1347 1347 1347 1347 1347 1347 1347 1347 1347 1347 1347 1347
PHP PHP_Low_Visibility Insufficient_Sanitization_for_XSS Low 2321 2321 2321 2321 2321 2321 2321 2321 2321 2321 2321
PHP PHP_Low_Visibility JWT_Excessive_Expiration_Time Low 8057 8057 8057
PHP PHP_Low_Visibility JWT_No_Expiration_Time_Validation Low 8043 8043 8043
PHP PHP_Low_Visibility JWT_No_NotBefore_Validation Low 7958 7958 7958
PHP PHP_Low_Visibility Log_Forging Low 1346 1346 1346 1346 1346 1346 1346 1346 1346 1346 1346 1346 1346
PHP PHP_Low_Visibility Missing_Framing_Policy Low 8099 8099 8099
PHP PHP_Low_Visibility Reliance_on_DNS_Lookups_in_a_Decision Low 2130 2130 2130 2130 2130 2130 2130 2130 2130 2130 2130
PHP PHP_Low_Visibility Stored_Command_Argument_Injection Low 8093 8093 8093
PHP PHP_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 2210 2210 2210 2210 2210 2210 2210 2210 2210 2210 2210 2210 2210 2210
PHP PHP_Low_Visibility Unsafe_Use_Of_Target_Blank Low 4511 4511 4511 4511 4511 4511 4511
PHP PHP_Low_Visibility Use_Of_Hardcoded_Password Low 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343 1343
PHP PHP_Low_Visibility Use_of_Non_Cryptographic_Random Low 1407 1407 1407 1407 1407 1407 1407 1407 1407 1407 1407 1407 1407 1407 1407
PHP PHP_Medium_Threat Broken_or_Risky_Encryption_Algorithm Medium 8051 8051 8051 8051
PHP PHP_Medium_Threat Broken_or_Risky_Hashing_Function Medium 8052 8052 8052 8052
PHP PHP_Medium_Threat CSRF Medium 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340 1340
PHP PHP_Medium_Threat DoS_by_Sleep Medium 1336 1336 1336 1336 1336 1336 1336 1336 1336 1336 1336 1336 1336 1336
PHP PHP_Medium_Threat DoS_from_Evil_Regex Medium 7947 7947 7947 7947
PHP PHP_Medium_Threat DoS_from_Regex_Injection Medium 7940 7940 7940 7940
PHP PHP_Medium_Threat Encoding_Used_Instead_of_Encryption Medium 7954 7954 7954 7954
PHP PHP_Medium_Threat Hardcoded_Salt Medium 8037 8037 8037 8037
PHP PHP_Medium_Threat Hashing_Length_Extension_Attack Medium 8062 8062 8062 8062
PHP PHP_Medium_Threat Header_Injection Medium 3466 3466 3466 3466 3466 3466 3466 3466 3466 3466 3466 3466 3466 3466
PHP PHP_Medium_Threat HttpOnly_Cookie_Flag_Not_Set Medium 7717 7717 7717 7717
PHP PHP_Medium_Threat HttpOnly_Cookie_Flag_Not_Set_In_Config Medium 7716 7716 7716 7716
PHP PHP_Medium_Threat Improper_Restriction_of_Stored_XXE_Ref Medium 4444 4444 4444 4444 4444 4444 4444 4444 4444 4444 4444 4444 4444 4444
PHP PHP_Medium_Threat Improper_Restriction_of_XXE_Ref Medium 3653 3653 3653 3653 3653 3653 3653 3653 3653 3653 3653 3653 3653 3653
PHP PHP_Medium_Threat Insecure_Asymmetric_Cryptographic_Algorithm_Parameters Medium 8038 8038 8038 8038
PHP PHP_Medium_Threat Insecure_Value_of_the_SameSite_Cookie_Attribute_In_Code Medium 7727 7727 7727 7727
PHP PHP_Medium_Threat Insecure_Value_of_the_SameSite_Cookie_Attribute_In_Config Medium 7726 7726 7726 7726
PHP PHP_Medium_Threat Insecure_WebSocket_Connection Medium 7945 7945 7945 7945
PHP PHP_Medium_Threat JWT_Lack_Of_Expiration_Time Medium 7949 7949 7949 7949
PHP PHP_Medium_Threat JWT_Sensitive_Information_Exposure Medium 7936 7936 7936 7936
PHP PHP_Medium_Threat JWT_Use_Of_Hardcoded_Secret Medium 7934 7934 7934 7934
PHP PHP_Medium_Threat Loose_Comparison Medium 7944 7944 7944 7944
PHP PHP_Medium_Threat Missing_Encryption_of_Sensitive_Data Medium 8060 8060 8060 8060
PHP PHP_Medium_Threat Missing_HSTS_Header Medium 5437 5437 5437 5437 5437 5437 5437 5437 5437
PHP PHP_Medium_Threat Open_Redirect Medium 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348 1348
PHP PHP_Medium_Threat Parameter_Tampering Medium 1339 1339 1339 1339 1339 1339 1339 1339 1339 1339 1339 1339 1339 1339
PHP PHP_Medium_Threat Plaintext_Storage_of_a_Password Medium 7929 7929 7929 7929
PHP PHP_Medium_Threat Privacy_Violation Medium 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119 2119
PHP PHP_Medium_Threat Regex_Filter_Bypass Medium 7943 7943 7943 7943
PHP PHP_Medium_Threat Relative_Path_Traversal Medium 8034 8034 8034 8034
PHP PHP_Medium_Threat Secure_Cookie_Flag_Not_Set Medium 7722 7722 7722 7722
PHP PHP_Medium_Threat Secure_Cookie_Flag_Not_Set_In_Config Medium 7721 7721 7721 7721
PHP PHP_Medium_Threat Session_Fixation Medium 2120 2120 2120 2120 2120 2120 2120 2120 2120 2120 2120 2120 2120 2120 2120
PHP PHP_Medium_Threat SSL_Verification_Bypass Medium 3582 3582 3582 3582 3582 3582 3582 3582 3582 3582 3582 3582
PHP PHP_Medium_Threat SSRF Medium 7957 7957 7957 7957
PHP PHP_Medium_Threat SSTI_Twig Medium 8061 8061 8061 8061
PHP PHP_Medium_Threat Storage_Controlled_Dynamic_Variable Medium 7730 7730 7730 7730
PHP PHP_Medium_Threat Stored_Code_Injection Medium 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319 1319
PHP PHP_Medium_Threat Stored_Command_Injection Medium 3488 3488 3488 3488 3488 3488 3488 3488 3488 3488 3488 3488 3488 3488 3488
PHP PHP_Medium_Threat Stored_Dangerous_File_Inclusion Medium 7599 7599 7599 7599
PHP PHP_Medium_Threat Stored_DoS_from_Evil_Regex Medium 7938 7938 7938 7938
PHP PHP_Medium_Threat Stored_DoS_from_Regex_Injection Medium 7932 7932 7932 7932
PHP PHP_Medium_Threat Stored_LDAP_Injection Medium 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487 3487
PHP PHP_Medium_Threat Stored_Relative_Path_Traversal Medium 8035 8035 8035 8035
PHP PHP_Medium_Threat Stored_Unsafe_Reflection Medium 3486 3486 3486 3486 3486 3486 3486 3486 3486 3486 3486 3486 3486
PHP PHP_Medium_Threat Unchecked_Input_for_Loop_Condition Medium 7946 7946 7946 7946
PHP PHP_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 7941 7941 7941 7941
PHP PHP_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338 1338
PHP PHP_Medium_Threat Use_of_Hardcoded_Cryptographic_IV_in_Server Medium 8039 8039 8039 8039
PHP PHP_Medium_Threat User_Controlled_Dynamic_Variable Medium 2717 2717 2717 2717 2717 2717
PHP PHP_Medium_Threat Value_Shadowing Medium 8040 8040 8040 8040
PLSQL PLSQL_Best_Coding_Practice Unchecked_Error_Condition Information 2648 2648 2648 2648 2648 2648 2648
PLSQL PLSQL_Best_Coding_Practice Use_of_Potentially_Dangerous_Function Information 2649 2649 2649 2649 2649 2649 2649
PLSQL PLSQL_High_Risk Reflected_XSS_All_Clients High 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643 2643
PLSQL PLSQL_High_Risk Resource_Injection High 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644 2644
PLSQL PLSQL_High_Risk Second_Order_SQL_Injection High 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645 2645
PLSQL PLSQL_High_Risk SQL_Injection High 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646 2646
PLSQL PLSQL_High_Risk Stored_XSS High 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647 2647
PLSQL PLSQL_Low_Visibility Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey Low 2636 2636 2636 2636 2636 2636 2636 2636 2636 2636 2636
PLSQL PLSQL_Low_Visibility Default_Definer_Rights_in_Method_Definition Low 2637 2637 2637 2637 2637 2637 2637 2637
PLSQL PLSQL_Low_Visibility Exposure_of_System_Data Low 2638 2638 2638 2638 2638 2638 2638 2638 2638 2638 2638
PLSQL PLSQL_Low_Visibility Improper_Resource_Shutdown_or_Release Low 2639 2639 2639 2639 2639 2639 2639 2639
PLSQL PLSQL_Low_Visibility Reversible_One_Way_Hash Low 2640 2640 2640 2640 2640 2640 2640 2640 2640
PLSQL PLSQL_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 2634 2634 2634 2634 2634 2634 2634 2634 2634 2634 2634 2634 2634 2634
PLSQL PLSQL_Low_Visibility Use_Of_Broken_Or_Risky_Cryptographic_Algorithm Low 2641 2641 2641 2641 2641 2641 2641 2641 2641 2641 2641 2641 2641 2641 2641
PLSQL PLSQL_Low_Visibility Use_Of_Hardcoded_Password Low 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642 2642
PLSQL PLSQL_Medium_Threat Dangling_Database_Cursor Medium 2678 2678 2678 2678 2678 2678 2678 2678 2678
PLSQL PLSQL_Medium_Threat Default_Definer_Rights_in_Package_or_Object_Definition Medium 2626 2626 2626 2626 2626 2626 2626 2626 2626 2626 2626
PLSQL PLSQL_Medium_Threat DoS_By_Sleep Medium 2627 2627 2627 2627 2627 2627 2627 2627 2627 2627 2627 2627 2627 2627
PLSQL PLSQL_Medium_Threat HTTP_Response_Splitting Medium 2628 2628 2628 2628 2628 2628 2628 2628 2628 2628 2628 2628 2628 2628
PLSQL PLSQL_Medium_Threat Improper_Privilege_Management Medium 2629 2629 2629 2629 2629 2629 2629 2629 2629 2629 2629
PLSQL PLSQL_Medium_Threat Open_Redirect Medium 2630 2630 2630 2630 2630 2630 2630 2630 2630 2630 2630 2630 2630 2630 2630
PLSQL PLSQL_Medium_Threat Parameter_Tampering Medium 2631 2631 2631 2631 2631 2631 2631 2631 2631 2631 2631 2631 2631 2631
PLSQL PLSQL_Medium_Threat Plaintext_Storage_of_a_Password Medium 2632 2632 2632 2632 2632 2632 2632 2632 2632 2632 2632 2632 2632 2632 2632
PLSQL PLSQL_Medium_Threat Privacy_Violation Medium 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633 2633
PLSQL PLSQL_Medium_Threat Use_of_Insufficiently_Random_Values Medium 2635 2635 2635 2635 2635 2635 2635 2635 2635 2635 2635 2635 2635 2635 2635
Python Python_AWS_Lambda AWS_Credentials_Leak High 7444 7444 7444 7444 7444
Python Python_AWS_Lambda DynamoDB_NoSQL_Injection High 7458 7458 7458 7458 7458 7458 7458 7458 7458
Python Python_AWS_Lambda Hardcoded_AWS_Credentials Low 7434 7434 7434 7434 7434 7434 7434 7434
Python Python_AWS_Lambda Permission_Manipulation_in_S3 Medium 7469 7469 7469 7469 7469 7469 7469 7469 7469
Python Python_AWS_Lambda Race_Condition_Global_Scope Medium 7464 7464 7464 7464 7464 7464 7464
Python Python_AWS_Lambda Unrestricted_Delete_S3 Low 8251 8251 8251 8251 8251 8251 8251 8251
Python Python_AWS_Lambda Unrestricted_Read_S3 Low 7465 7465 7465 7465 7465 7465 7465 7465
Python Python_AWS_Lambda Unrestricted_Write_S3 Low 7466 7466 7466 7466 7466 7466 7466 7466
Python Python_AWS_Lambda Use_of_Hardcoded_Cryptographic_Key_On_Server Medium 7462 7462 7462 7462 7462 7462 7462 7462 7462
Python Python_AWS_Lambda User_Based_SDK_Configurations Low 7457 7457 7457 7457 7457
Python Python_Best_Coding_Practice Hardcoded_Absolute_Path Information 3108 3108 3108 3108 3108 3108 3108 3108
Python Python_Best_Coding_Practice Use_of_Unknown_Fields Information 8250 8250
Python Python_High_Risk Code_Injection High 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100 3100
Python Python_High_Risk Command_Injection High 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101 3101
Python Python_High_Risk Connection_String_Injection High 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102 3102
Python Python_High_Risk LDAP_Injection High 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564 3564
Python Python_High_Risk Local_File_Inclusion High 6708 6708 6708 6708 6708 6708 6708 6708 6708 6708
Python Python_High_Risk OS_Access_Violation High 4461 4461 4461 4461 4461 4461 4461 4461 4461
Python Python_High_Risk Reflected_XSS_All_Clients High 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103 3103
Python Python_High_Risk Resource_Injection High 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104 3104
Python Python_High_Risk Second_Order_SQL_Injection High 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105 3105
Python Python_High_Risk SQL_Injection High 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424 3424
Python Python_High_Risk Stored_XSS High 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106 3106
Python Python_High_Risk Unsafe_Deserialization High 4463 4463 4463 4463 4463 4463 4463 4463 4463 4463 4463
Python Python_High_Risk XPath_Injection High 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107 3107
Python Python_Low_Visibility Command_Argument_Injection Low 6714 6714 6714 6714 6714 6714 6714
Python Python_Low_Visibility Cross_Site_History_Manipulation Low
Python Python_Low_Visibility Debug_Enabled Low 3964 3964 3964 3964 3964 3964 3964 3964 3964 3964
Python Python_Low_Visibility Django_Improper_Resource_Access_Authorization Low 6781 6781 6781 6781 6781 6781 6781 6781
Python Python_Low_Visibility Django_Information_Exposure_Through_an_Error_Message Low 6793 6793 6793 6793 6793 6793 6793 6793
Python Python_Low_Visibility Django_Missing_Function_Level_Authorization Low 6780 6780 6780 6780 6780 6780 6780
Python Python_Low_Visibility Improper_Resource_Shutdown_or_Release Low 5824 5824 5824 5824 5824 5824 5824
Python Python_Low_Visibility Information_Exposure_Through_an_Error_Message Low 3109 3109 3109 3109 3109 3109 3109 3109 3109 3109 3109 3109 3109 3109 3109
Python Python_Low_Visibility Insufficiently_Protected_Credentials Low 3748 3748 3748 3748 3748 3748 3748 3748 3748 3748 3748 3748
Python Python_Low_Visibility Log_Forging Low 3110 3110 3110 3110 3110 3110 3110 3110 3110 3110 3110 3110 3110
Python Python_Low_Visibility Marshmallow_Dumping_Without_Validation Low 8249 8249 8249
Python Python_Low_Visibility Missing_Content_Security_Policy Low 5630 5630 5630 5630 5630 5630 5630 5630
Python Python_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 5421 5421 5421 5421 5421 5421 5421
Python Python_Low_Visibility Password_In_Comment Low 3573 3573 3573 3573 3573 3573 3573 3573 3573 3573 3573 3573
Python Python_Low_Visibility Permissive_Content_Security_Policy Low 5884 5884 5884 5884 5884
Python Python_Low_Visibility Stored_Code_Injection Low 5618 5618 5618 5618 5618 5618 5618 5618 5618 5618 5618 5618 5618 5618
Python Python_Low_Visibility Stored_Command_Argument_Injection Low 6715 6715 6715 6715 6715 6715 6715
Python Python_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 3576 3576 3576 3576 3576 3576 3576 3576 3576 3576 3576 3576 3576 3576
Python Python_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 6753 6753 6753 6753 6753 6753 6753 6753 6753 6753 6753 6753 6753
Python Python_Low_Visibility Use_Of_Hardcoded_Password Low 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111 3111
Python Python_Medium_Threat Communication_Over_HTTP Medium 6725 6725 6725 6725 6725 6725 6725 6725
Python Python_Medium_Threat Cookie_Poisoning Medium 3571 3571 3571 3571 3571 3571 3571 3571 3571 3571 3571 3571 3571
Python Python_Medium_Threat CSRF Medium 3580 3580 3580 3580 3580 3580 3580 3580 3580 3580 3580 3580 3580 3580 3580
Python Python_Medium_Threat DB_Parameter_Tampering Medium 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557 3557
Python Python_Medium_Threat Django_Missing_Object_Level_Authorization Medium 6785 6785 6785 6785 6785 6785 6785 6785
Python Python_Medium_Threat DoS_by_Sleep Medium 3112 3112 3112 3112 3112 3112 3112 3112 3112 3112 3112 3112 3112 3112
Python Python_Medium_Threat Filtering_Sensitive_Logs Medium 3575 3575 3575 3575 3575 3575 3575 3575 3575 3575 3575 3575
Python Python_Medium_Threat Hardcoded_Password_in_Connection_String Medium 3578 3578 3578 3578 3578 3578 3578 3578 3578 3578 3578
Python Python_Medium_Threat Header_Injection Medium 3572 3572 3572 3572 3572 3572 3572 3572 3572 3572 3572 3572 3572 3572
Python Python_Medium_Threat HttpOnlyCookies_In_Config Medium 6794 6794 6794 6794 6794 6794 6794 6794 6794 6794 6794 6794
Python Python_Medium_Threat Improper_Restriction_of_XXE_Ref Medium 3977 3977 3977 3977 3977 3977 3977 3977 3977 3977 3977 3977 3977 3977
Python Python_Medium_Threat Insecure_Randomness Medium 3565 3565 3565 3565 3565 3565 3565 3565 3565 3565 3565 3565 3565 3565 3565
Python Python_Medium_Threat Missing_HSTS_Header Medium 5409 5409 5409 5409 5409 5409 5409 5409 5409 5409
Python Python_Medium_Threat Missing_Secure_In_Config Medium 6788 6788 6788 6788 6788 6788 6788
Python Python_Medium_Threat Object_Access_Violation Medium 4462 4462 4462 4462 4462 4462 4462 4462 4462 4462
Python Python_Medium_Threat Open_Redirect Medium 3566 3566 3566 3566 3566 3566 3566 3566 3566 3566 3566 3566 3566 3566 3566
Python Python_Medium_Threat Parameter_Tampering Medium 3114 3114 3114 3114 3114 3114 3114 3114 3114 3114 3114 3114 3114 3114
Python Python_Medium_Threat Path_Traversal Medium 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115 3115
Python Python_Medium_Threat Privacy_Violation Medium 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116 3116
Python Python_Medium_Threat ReDoS_In_Replace Medium 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574 3574
Python Python_Medium_Threat ReDoS_Injection Medium 6672 6672 6672 6672 6672 6672 6672 6672
Python Python_Medium_Threat SSL_Verification_Bypass Medium 6724 6724 6724 6724 6724 6724 6724 6724 6724 6724 6724
Python Python_Medium_Threat SSRF Medium 4425 4425 4425 4425 4425 4425 4425 4425 4425 4425 4425 4425 4425
Python Python_Medium_Threat Stored_Command_Injection Medium 6685 6685 6685 6685 6685 6685 6685 6685 6685 6685 6685 6685 6685
Python Python_Medium_Threat Stored_LDAP_Injection Medium 3577 3577 3577 3577 3577 3577 3577 3577 3577 3577 3577 3577 3577 3577 3577
Python Python_Medium_Threat Unchecked_Input_for_Loop_Condition Medium 7415 7415 7415 7415 7415 7415
Python Python_Medium_Threat Uncontrolled_Format_String Medium 5900 5900 5900 5900 5900 5900 5900 5900 5900 5900 5900 5900 5900
Python Python_Medium_Threat Use_of_Hardcoded_Cryptographic_Key Medium 6795 6795 6795 6795 6795 6795 6795 6795 6795 6795 6795
RPG RPG_High_Risk Buffer_Overrun High 6965 6965 6965 6965 6965 6965
RPG RPG_High_Risk Control_Language_Injection High 6988 6988 6988 6988 6988 6988 6988 6988
RPG RPG_High_Risk SQL_Injection High 7035 7035 7035 7035 7035 7035 7035 7035 7035 7035
RPG RPG_Low_Visibility Ignored_Error_Conditions Low 7041 7041 7041 7041 7041 7041 7041
RPG RPG_Low_Visibility Improper_Resource_Shutdown_or_Release Low 7038 7038 7038 7038 7038
RPG RPG_Low_Visibility Information_Exposure_Through_Dump Low 6917 6917 6917 6917
Page 30 of 35
Checkmarx VULNERABILITY QUERIES PER PRESET v9.6.2
RPG RPG_Low_Visibility Integer_Overflow Low 7020 7020 7020 7020 7020 7020 7020
RPG RPG_Low_Visibility Library_Search_Order_Hijacking Low 6920 6920 6920 6920
RPG RPG_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 6850 6850 6850 6850 6850 6850 6850
RPG RPG_Low_Visibility Use_Of_Hardcoded_Password Low 6964 6964 6964 6964 6964 6964 6964 6964 6964
RPG RPG_Medium_Threat DoS_by_Sleep Medium 7036 7036 7036 7036 7036 7036 7036
RPG RPG_Medium_Threat ReDoS Medium 7037 7037 7037 7037 7037 7037 7037 7037 7037
RPG RPG_Medium_Threat Reflected_Path_Traversal Medium 7006 7006 7006 7006 7006 7006 7006 7006 7006 7006
Ruby Ruby_Best_Coding_Practice Caching_False_In_Production Information 1414 1414
Ruby Ruby_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 1419 1419 1419 1419 1419 1419
Ruby Ruby_Best_Coding_Practice Dynamic_Render_Path Information 1416
Ruby Ruby_Best_Coding_Practice Dynamic_SQL_Queries Information 3077 3077 3077 3077 3077 3077 3077 3077 3077 3077
Ruby Ruby_Best_Coding_Practice Global_Variables_Without_Meaningful_Name Information 1417
Ruby Ruby_Best_Coding_Practice Hardcoded_Absolute_Path Information 1516 1516 1516 1516 1516 1516 1516 1516
Ruby Ruby_Best_Coding_Practice Import_Relative_To_File Information 1418 1418
Ruby Ruby_Best_Coding_Practice Unchecked_Error_Condition Information 1415 1415 1415 1415 1415 1415 1415
Ruby Ruby_Best_Coding_Practice Unclosed_Objects Information 1420 1420
Ruby Ruby_Best_Coding_Practice Use_Of_Global_Variables Information 1421
Ruby Ruby_High_Risk Code_Injection High 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503 1503
Ruby Ruby_High_Risk Command_Injection High 1504 1504 1504 1504 1504 1504 1504 1504 1504 1504 1504 1504 1504 1504 1504
Ruby Ruby_High_Risk Reflected_XSS_All_Clients High 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505 1505
Ruby Ruby_High_Risk Remote_File_Inclusion High 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506 1506
Ruby Ruby_High_Risk Second_Order_SQL_Injection High 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507 1507
Ruby Ruby_High_Risk SQL_Injection High 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508 1508
Ruby Ruby_High_Risk Stored_XSS High 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509 1509
Ruby Ruby_Low_Visibility Attr_accessible_Not_Set Low 1510 1510 1510 1510 1510 1510
Ruby Ruby_Low_Visibility Blind_SQL_Injections Low 1511 1511 1511 1511 1511 1511 1511 1511 1511 1511 1511 1511 1511 1511
Ruby Ruby_Low_Visibility Connection_String_Injection Low 1512 1512 1512 1512 1512 1512 1512 1512 1512 1512 1512 1512 1512 1512 1512
Ruby Ruby_Low_Visibility Cross_Site_History_Manipulation Low
Ruby Ruby_Low_Visibility DB_Information_Leak Low 1513 1513 1513 1513 1513 1513 1513 1513 1513 1513 1513 1513
Ruby Ruby_Low_Visibility Disabling_SAFE_Mode Low 1514 1514 1514 1514 1514 1514 1514
Ruby Ruby_Low_Visibility Full_Error_Reports_In_Production Low 1515 1515 1515 1515 1515 1515 1515 1515 1515 1515 1515 1515 1515
Ruby Ruby_Low_Visibility Improper_Exception_Handling Low 1518 1518 1518 1518 1518 1518 1518 1518 1518 1518 1518
Ruby Ruby_Low_Visibility Improper_Transaction_Handling Low 1519 1519 1519 1519 1519
Ruby Ruby_Low_Visibility Information_Exposure_Through_an_Error_Message Low 1533 1533 1533 1533 1533 1533 1533 1533 1533 1533 1533 1533 1533 1533 1533
Ruby Ruby_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 1527 1527 1527 1527 1527 1527 1527 1527 1527 1527 1527 1527 1527
Ruby Ruby_Low_Visibility Insufficiently_Protected_Credentials Low 1526 1526 1526 1526 1526 1526 1526 1526 1526 1526 1526 1526 1526
Ruby Ruby_Low_Visibility Interactive_Render_Path Low 1520 1520 1520 1520 1520 1520 1520 1520 1520
Ruby Ruby_Low_Visibility Leftover_Debug_Code Low 1521 1521 1521 1521 1521 1521
Ruby Ruby_Low_Visibility Local_File_Inclusion Low 1522 1522 1522 1522 1522 1522 1522 1522 1522
Ruby Ruby_Low_Visibility Log_Forging Low 1523 1523 1523 1523 1523 1523 1523 1523 1523 1523 1523 1523 1523
Ruby Ruby_Low_Visibility No_Protection_From_Forgery Low 1524 1524 1524 1524 1524 1524 1524 1524 1524 1524 1524 1524
Ruby Ruby_Low_Visibility No_Session_Expiration Low 1525 1525 1525 1525 1525 1525 1525 1525 1525 1525 1525 1525
Ruby Ruby_Low_Visibility Open_Redirect Low 1529 1529 1529 1529 1529 1529 1529 1529 1529 1529 1529 1529 1529 1529 1529
Ruby Ruby_Low_Visibility Personal_Info_In_Session Low 1528 1528 1528 1528 1528 1528 1528 1528 1528 1528 1528
Ruby Ruby_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 1551 1551 1551 1551 1551 1551 1551 1551 1551 1551 1551 1551 1551 1551
Ruby Ruby_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 2219 2219 2219 2219 2219 2219 2219 2219 2219 2219 2219 2219 2219 2219 2219
Ruby Ruby_Low_Visibility Use_of_Dangerous_Functions Low 1531 1531 1531 1531 1531 1531 1531
Ruby Ruby_Low_Visibility Use_Of_Hardcoded_Password Low 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517 1517
Ruby Ruby_Low_Visibility Use_Of_raw Low 1530 1530 1530 1530 1530 1530 1530 1530 1530 1530 1530 1530
Ruby Ruby_Low_Visibility Use_Of_Sanitize_Instead_Of_h Low 1532 1532 1532 1532 1532 1532 1532 1532 1532 1532 1532
Ruby Ruby_Low_Visibility XSS_Evasion_Attack Low 1534 1534 1534 1534 1534 1534 1534 1534 1534 1534 1534 1534 1534 1534
Ruby Ruby_Medium_Threat CSRF Medium 1553 1553 1553 1553 1553 1553 1553 1553 1553 1553 1553 1553 1553 1553 1553
Ruby Ruby_Medium_Threat Dangerous_Send Medium 2710 2710 2710 2710 2710 2710 2710 2710 2710 2710 2710
Ruby Ruby_Medium_Threat DB_Parameter_Tampering Medium 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536 1536
Ruby Ruby_Medium_Threat DB_Tampering Medium 1537 1537 1537 1537 1537 1537 1537 1537 1537 1537 1537 1537 1537 1537 1537
Ruby Ruby_Medium_Threat Default_Routes Medium 1538 1538 1538 1538 1538 1538 1538 1538
Ruby Ruby_Medium_Threat DoS_by_Sleep Medium 1539 1539 1539 1539 1539 1539 1539 1539 1539 1539 1539 1539 1539 1539
Ruby Ruby_Medium_Threat DOS_To_Symbol Medium 2711 2711 2711 2711 2711 2711 2711 2711 2711 2711
Ruby Ruby_Medium_Threat Download_Arbitrary_File Medium 1540 1540 1540 1540 1540 1540 1540 1540 1540
Ruby Ruby_Medium_Threat Filtering_Sensitive_Logs Medium 1542 1542 1542 1542 1542 1542 1542 1542 1542 1542 1542 1542
Ruby Ruby_Medium_Threat Hardcoded_Session_Secret_Token Medium 2712 2712 2712 2712 2712 2712 2712 2712 2712 2712 2712 2712 2712 2712
Ruby Ruby_Medium_Threat Http_Only_Set_To_False Medium 2713 2713 2713 2713 2713 2713 2713 2713 2713 2713 2713 2713
Ruby Ruby_Medium_Threat Insecure_Randomness Medium 1544 1544 1544 1544 1544 1544 1544 1544 1544 1544 1544 1544 1544 1544 1544
Ruby Ruby_Medium_Threat Insufficient_Format_Validation Medium 1545 1545 1545 1545 1545 1545 1545
Ruby Ruby_Medium_Threat Nonvalidated_File_Upload Medium 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546 1546
Ruby Ruby_Medium_Threat Parameter_Tampering Medium 1547 1547 1547 1547 1547 1547 1547 1547 1547 1547 1547 1547 1547 1547
Ruby Ruby_Medium_Threat Path_Traversal Medium 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541 1541
Ruby Ruby_Medium_Threat Privacy_Violation Medium 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121 2121
Ruby Ruby_Medium_Threat Privilege_Escalation Medium
Ruby Ruby_Medium_Threat Remote_Code_Execution Medium 2714 2714 2714 2714 2714 2714 2714 2714 2714 2714 2714 2714 2714 2714
Ruby Ruby_Medium_Threat Short_Session_Key Medium 1549 1549 1549 1549 1549 1549 1549 1549 1549 1549 1549 1549 1549 1549 1549
Ruby Ruby_Medium_Threat SSL_Verification_Bypass Medium 3581 3581 3581 3581 3581 3581 3581 3581 3581 3581 3581 3581
Ruby Ruby_Medium_Threat Stored_Code_Injection Medium 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550 1550
Ruby Ruby_Medium_Threat Unsafe_Mass_Assignment Medium 1552 1552 1552 1552 1552 1552 1552 1552 1552 1552
Ruby Ruby_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543 1543
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_JSON_GEM_Remote_Code Low 2779 2779 2779 2779 2779 2779 2779 2779 2779 2779 2779 2779
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_JSON_Remote_Code_Execution Low 2780 2780 2780 2780 2780 2780 2780 2780 2780 2780 2780 2780
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_Rails_Allows_Bypass_Access_Control Low 2774 2774 2774 2774 2774 2774 2774 2774 2774 2774
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_Rails_Allows_Cross_Site_Request_Forgery Low 2772 2772 2772 2772 2772 2772 2772 2772 2772 2772 2772
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_Rails_Allows_DOS_via_ActiveRecord Low 2778 2778 2778 2778 2778 2778 2778 2778 2778 2778 2778
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_Rails_Allows_SQL_Injection Low 2773 2773 2773 2773 2773 2773 2773 2773 2773 2773 2773 2773 2773
Ruby Ruby_Vulnerable_Outdated_Versions Outdated_Rails_Allows_XSS Low 2781 2781 2781 2781 2781 2781 2781 2781 2781 2781 2781 2781 2781
Scala Scala_Best_Coding_Practice Potential_Usage_of_Vulnerable_Log4J Information 7054 7054 7054 7054 7054 7054 7054
Scala Scala_High_Risk Code_Injection High 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350 4350
Scala Scala_High_Risk Command_Injection High 4351 4351 4351 4351 4351 4351 4351 4351 4351 4351 4351 4351 4351 4351 4351
Scala Scala_High_Risk Connection_String_Injection High 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352 4352
Scala Scala_High_Risk Deserialization_of_Untrusted_Data High 5311 5311 5311 5311 5311 5311 5311 5311 5311 5311 5311 5311
Scala Scala_High_Risk Expression_Language_Injection_MVEL High 8005 8005 8005 8005
Scala Scala_High_Risk Expression_Language_Injection_SPEL High 8009 8009 8009 8009
Scala Scala_High_Risk LDAP_Injection High 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353 4353
Scala Scala_High_Risk Reflected_XSS_All_Clients High 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354 4354
Scala Scala_High_Risk Resource_Injection High 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355 4355
Scala Scala_High_Risk Second_Order_SQL_Injection High 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356 4356
Scala Scala_High_Risk SQL_Injection High 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357 4357
Scala Scala_High_Risk Stored_XSS High 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358 4358
Scala Scala_High_Risk Unsafe_Reflection High 7055 7055 7055 7055 7055 7055
Scala Scala_High_Risk XPath_Injection High 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359 4359
Scala Scala_Low_Visibility Akka_Debug_Loglevel_Enabled Low 4590 4590 4590 4590 4590 4590
Scala Scala_Low_Visibility Akka_Disabling_Hostname_Verification Low 7394 7394 7394 7394
Scala Scala_Low_Visibility Akka_Encrypt_Data_Disabled Low 4595 4595 4595 4595 4595 4595 4595
Scala Scala_Low_Visibility Akka_Missing_Max_Age Low 4594 4594 4594 4594 4594 4594
Scala Scala_Low_Visibility Akka_Serialize_Enabled Low 4588 4588 4588 4588 4588 4588
Scala Scala_Low_Visibility Akka_Untrusted_Mode_Enabled Low 4504 4504 4504 4504 4504 4504 4504 4504
Scala Scala_Low_Visibility Akka_Verbose_Mode_Enabled Low 4586 4586 4586 4586 4586 4586 4586 4586 4586
Scala Scala_Low_Visibility Command_Argument_Injection Low 6949 6949 6949 6949 6949 6949 6949 6949
Scala Scala_Low_Visibility Cross_Site_History_Manipulation Low
Scala Scala_Low_Visibility Deprecated_API Low 6969 6969 6969 6969
Scala Scala_Low_Visibility Heap_Inspection Low 4523 4523 4523 4523 4523 4523 4523 4523 4523 4523 4523 4523
Scala Scala_Low_Visibility Integer_Overflow Low 7075 7075 7075 7075 7075 7075 7075
Scala Scala_Low_Visibility JWT_Excessive_Expiration_Time Low 7903 7903 7903
Scala Scala_Low_Visibility JWT_Use_Of_None_Algorithm Low 7782 7782 7782
Scala Scala_Low_Visibility Not_Using_a_Random_IV_with_CBC_Mode Low 6909 6909 6909 6909 6909 6909 6909
Scala Scala_Low_Visibility Open_Redirect Low 7225 7225 7225 7225 7225 7225 7225
Scala Scala_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 5408 5408 5408 5408 5408 5408 5408
Scala Scala_Low_Visibility Potential_Stored_XSS Low 4471 4471 4471 4471 4471 4471 4471 4471 4471 4471 4471 4471 4471 4471 4471
Scala Scala_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 6910 6910 6910 6910 6910 6910 6910
Scala Scala_Low_Visibility Use_of_Hard_coded_Security_Constants Low 6911 6911 6911 6911 6911
Scala Scala_Low_Visibility Use_of_Non_Cryptographic_Random Low 6912 6912 6912 6912 6912 6912 6912
Scala Scala_Low_Visibility Use_of_RSA_Algorithm_without_OAEP Low 6913 6913 6913 6913 6913
Scala Scala_Low_Visibility Use_of_Unsafe_JNI Low 7912 7912 7912
Scala Scala_Medium_Threat Absolute_Path_Traversal Medium 4380 4380 4380 4380 4380 4380 4380 4380 4380 4380 4380 4380 4380 4380
Scala Scala_Medium_Threat Cleartext_Submission_of_Sensitive_Information Medium 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557 4557
Scala Scala_Medium_Threat CSRF Medium 4395 4395 4395 4395 4395 4395 4395 4395 4395 4395 4395 4395 4395 4395 4395
Scala Scala_Medium_Threat Dangerous_File_Inclusion Medium 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382 4382
Scala Scala_Medium_Threat DB_Parameter_Tampering Medium 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383 4383
Scala Scala_Medium_Threat DoS_by_Sleep Medium 4384 4384 4384 4384 4384 4384 4384 4384 4384 4384 4384 4384 4384 4384
Scala Scala_Medium_Threat Excessive_Data_Exposure Medium 8087 8087 8087 8087
Scala Scala_Medium_Threat External_XML_Entities_XXE Medium 6983 6983 6983 6983 6983 6983 6983 6983 6983
Scala Scala_Medium_Threat Hardcoded_password_in_Connection_String Medium 4385 4385 4385 4385 4385 4385 4385 4385 4385 4385 4385
Scala Scala_Medium_Threat HTTP_Response_Splitting Medium 4473 4473 4473 4473 4473 4473 4473 4473 4473 4473 4473 4473 4473 4473
Scala Scala_Medium_Threat HttpOnlyCookies Medium 7165 7165 7165 7165 7165 7165 7165
Scala Scala_Medium_Threat Improper_Locking Medium 4386 4386 4386 4386 4386 4386 4386 4386 4386 4386
Scala Scala_Medium_Threat Inadequate_Encryption_Strength Medium 4600 4600 4600 4600 4600 4600 4600 4600 4600 4600 4600 4600 4600
Scala Scala_Medium_Threat JWT_Lack_Of_Expiration_Time Medium 7783 7783 7783 7783
Scala Scala_Medium_Threat JWT_No_Signature_Verification Medium 7908 7908 7908 7908
Scala Scala_Medium_Threat JWT_Sensitive_Information_Exposure Medium 7907 7907 7907 7907
Scala Scala_Medium_Threat JWT_Use_Of_Hardcoded_Secret Medium 7772 7772 7772 7772
Scala Scala_Medium_Threat Missing_Secure_Flag Medium 7166 7166 7166 7166 7166 7166 7166
Scala Scala_Medium_Threat Multiple_Binds_to_the_Same_Port Medium 4533 4533 4533 4533 4533 4533 4533 4533 4533 4533
Scala Scala_Medium_Threat Parameter_Tampering Medium 4387 4387 4387 4387 4387 4387 4387 4387 4387 4387 4387 4387 4387 4387
Scala Scala_Medium_Threat Plaintext_Storage_of_a_Password Medium 4388 4388 4388 4388 4388 4388 4388 4388 4388 4388 4388 4388 4388 4388 4388
Scala Scala_Medium_Threat Privacy_Violation Medium 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389 4389
Scala Scala_Medium_Threat ReDoS_From_Regex_Injection Medium 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579 4579
Scala Scala_Medium_Threat ReDoS_In_Match Medium 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526 4526
Scala Scala_Medium_Threat ReDoS_In_Pattern Medium 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390 4390
Scala Scala_Medium_Threat ReDoS_In_Replace Medium 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536 4536
Scala Scala_Medium_Threat Relative_Path_Traversal Medium 7396 7396 7396 7396 7396 7396 7396 7396 7396
Scala Scala_Medium_Threat Same_Seed_in_PRNG Medium 4391 4391 4391 4391 4391 4391 4391 4391 4391 4391 4391 4391 4391 4391
Scala Scala_Medium_Threat Session_Fixation Medium 4543 4543 4543 4543 4543 4543 4543 4543 4543 4543 4543 4543 4543 4543
Scala Scala_Medium_Threat Spring_ModelView_Injection Medium 7910 7910 7910 7910
Scala Scala_Medium_Threat SQL_Injection_Evasion_Attack Medium 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392 4392
Scala Scala_Medium_Threat SSL_Verification_Bypass Medium 7226 7226 7226 7226 7226 7226 7226 7226 7226
Scala Scala_Medium_Threat SSRF Medium 4573 4573 4573 4573 4573 4573 4573 4573 4573 4573 4573 4573
Scala Scala_Medium_Threat Stored_Command_Injection Medium 7909 7909 7909 7909
Scala Scala_Medium_Threat Stored_External_XML_Entities_XXE Medium 6984 6984 6984 6984 6984 6984 6984 6984 6984
Scala Scala_Medium_Threat Stored_LDAP_Injection Medium 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393 4393
Scala Scala_Medium_Threat Unvalidated_Forwards Medium 7911 7911 7911 7911
Scala Scala_Medium_Threat Use_of_a_One_Way_Hash_with_a_Predictable_Salt Medium 6904 6904 6904 6904 6904 6904 6904 6904
Scala Scala_Medium_Threat Use_of_a_One_Way_Hash_without_a_Salt Medium 6907 6907 6907 6907 6907 6907 6907 6907
Scala Scala_Medium_Threat Use_of_Cryptographically_Weak_PRNG Medium 4547 4547 4547 4547 4547 4547 4547 4547 4547 4547 4547 4547 4547 4547 4547
Scala Scala_Medium_Threat Use_of_Hardcoded_Cryptographic_Key Medium 6908 6908 6908 6908 6908 6908 6908 6908 6908
Scala Scala_Medium_Threat XQuery_Injection Medium 4394 4394 4394 4394 4394 4394 4394 4394 4394 4394 4394 4394 4394 4394 4394
Scala Scala_Stored Stored_Code_Injection Low 4554 4554 4554 4554 4554 4554 4554 4554 4554 4554 4554 4554 4554 4554 4554
Scala Scala_Stored Stored_HTTP_Response_Splitting Low 4472 4472 4472 4472 4472 4472 4472 4472 4472 4472 4472
Scala Scala_Stored Stored_Open_Redirect Low 4553 4553 4553 4553 4553 4553 4553 4553 4553 4553 4553
Scala Scala_Stored Stored_XPath_Injection Low 4555 4555 4555 4555 4555 4555 4555 4555 4555 4555 4555 4555 4555
Swift Swift_Best_Coding_Practices Dynamic_SQL_Queries Information 7113 7113 7113 7113 7113 7113 7113
Swift Swift_Best_Coding_Practices Empty_Methods Information 7114 7114 7114
Swift Swift_Best_Coding_Practices Third_Party_Keyboard_Enabled Information 6957 6957 6957 6957 6957 6957 6957 6957 6957
Swift Swift_High_Risk Information_Exposure_Through_Extension High 6830 6830 6830 6830 6830 6830 6830 6830 6830 6830 6830 6830 6830 6830 6830
Swift Swift_High_Risk Resource_Updated_By_URL_Data High 7039 7039 7039 7039 7039 7039 7039 7039
Swift Swift_High_Risk Sensitive_Information_over_HTTP High 6993 6993 6993 6993 6993 6993 6993 6993 6993 6993 6993 6993
Swift Swift_High_Risk Third_Party_Keyboards_On_Sensitive_Field High 6958 6958 6958 6958 6958 6958 6958 6958 6958 6958 6958 6958 6958
Swift Swift_High_Risk Unencrypted_Sensitive_Information_in_Publicly_Accessible_iCloud_Storage High 7106 7106 7106 7106 7106 7106 7106 7106 7106 7106 7106 7106
Swift Swift_High_Risk Unsafe_Reflection High 6929 6929 6929 6929 6929 6929 6929 6929 6929 6929 6929 6929 6929 6929
Swift Swift_High_Risk URL_Scheme_Hijacking High 6960 6960 6960 6960 6960 6960 6960 6960 6960 6960 6960 6960
Swift Swift_Low_Visibility Allowed_Backup Low 7007 7007 7007 7007 7007 7007 7007
Swift Swift_Low_Visibility App_Transport_Security_Bypass Low 7065 7065 7065 7065 7065 7065 7065 7065 7065 7065 7065
Swift Swift_Low_Visibility Encrypted_Sensitive_Information_in_Publicly_Accessible_iCloud_Storage Low 7107 7107 7107 7107 7107 7107 7107 7107 7107
Swift Swift_Low_Visibility Functions_Apple_Recommends_To_Avoid Low 6914 6914 6914 6914 6914 6914 6914 6914 6914
Swift Swift_Low_Visibility Heap_Inspection Low 6923 6923 6923 6923 6923 6923 6923 6923 6923 6923 6923 6923 6923
Swift Swift_Low_Visibility Information_Leak_Through_Response_Caching Low 6919 6919 6919 6919 6919 6919 6919
Swift Swift_Low_Visibility Insufficient_Encryption_Key_Size Low 7066 7066 7066 7066 7066 7066 7066 7066 7066
Swift Swift_Low_Visibility Missing_Certificate_Pinning Low 7021 7021 7021 7021 7021 7021 7021 7021 7021 7021
Swift Swift_Low_Visibility Missing_Device_Lock_Verification Low 6921 6921 6921 6921 6921 6921 6921 6921 6921
Swift Swift_Low_Visibility Missing_Jailbreak_Check Low 6935 6935 6935 6935 6935 6935 6935 6935 6935 6935 6935
Swift Swift_Low_Visibility Null_Password Low 7071 7071 7071 7071 7071 7071
Swift Swift_Low_Visibility Parameter_Tampering Low 7029 7029 7029 7029 7029 7029 7029 7029 7029 7029 7029 7029 7029 7029
Swift Swift_Low_Visibility Password_In_Comment Low 7072 7072 7072 7072 7072 7072 7072 7072
Swift Swift_Low_Visibility Private_Storage_SQL_Injection Low 7064 7064 7064 7064 7064 7064 7064 7064
Swift Swift_Low_Visibility Private_Storage_WebView_JavaScript_Injection Low 7015 7015 7015 7015 7015 7015 7015 7015
Swift Swift_Low_Visibility Secret_Stored_Outside_of_Keychain Low 7108 7108 7108 7108 7108 7108 7108 7108 7108 7108
Swift Swift_Low_Visibility Self_SQL_Injection Low 6831 6831 6831 6831 6831 6831 6831 6831 6831 6831 6831 6831 6831
Swift Swift_Low_Visibility Self_WebView_JavaScript_Injection Low 6968 6968 6968 6968 6968 6968 6968 6968
Swift Swift_Low_Visibility Unencrypted_Sensitive_Information_in_Internal_Storage Low 7109 7109 7109 7109 7109 7109 7109 7109 7109 7109
Swift Swift_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 7067 7067 7067 7067 7067 7067 7067 7067 7067 7067
Swift Swift_Low_Visibility Use_of_Hardcoded_Cryptographic_Key Low 7068 7068 7068 7068 7068 7068 7068 7068 7068 7068 7068
Swift Swift_Low_Visibility Use_of_Hardcoded_Password Low 7073 7073 7073 7073 7073 7073 7073 7073 7073 7073 7073
Swift Swift_Low_Visibility Use_of_Insufficiently_Random_Values Low 7069 7069 7069 7069 7069 7069 7069 7069 7069
Swift Swift_Low_Visibility User_Information_in_Publicly_Accessible_iCloud_Storage Low 7110 7110 7110 7110 7110 7110 7110 7110 7110 7110
Swift Swift_Medium_Threat Autocorrection_Keystroke_Logging Medium 7003 7003 7003 7003 7003 7003 7003 7003 7003 7003 7003 7003
Swift Swift_Medium_Threat Communication_over_HTTP Medium 6994 6994 6994 6994 6994 6994 6994 6994 6994 6994 6994 6994
Swift Swift_Medium_Threat Format_String_Attack Medium 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018 7018
Swift Swift_Medium_Threat Improper_Certificate_Validation Medium 6918 6918 6918 6918 6918 6918 6918 6918 6918 6918 6918 6918 6918
Swift Swift_Medium_Threat Information_Exposure_Through_Query_String Medium 6995 6995 6995 6995 6995 6995 6995 6995 6995 6995 6995 6995 6995 6995 6995
Swift Swift_Medium_Threat Pasteboard_Leakage Medium 7042 7042 7042 7042 7042 7042 7042 7042 7042 7042 7042 7042
Swift Swift_Medium_Threat Path_Traversal Medium 7032 7032 7032 7032 7032 7032 7032 7032 7032 7032 7032 7032 7032
Swift Swift_Medium_Threat Public_Storage_SQL_Injection Medium 7063 7063 7063 7063 7063 7063 7063 7063 7063
Swift Swift_Medium_Threat Public_Storage_WebView_JavaScript_Injection Medium 7016 7016 7016 7016 7016 7016 7016 7016 7016
Swift Swift_Medium_Threat ReDoS Medium 6832 6832 6832 6832 6832 6832 6832 6832 6832 6832 6832
Swift Swift_Medium_Threat Screen_Caching Medium 6833 6833 6833 6833 6833 6833 6833 6833 6833
Swift Swift_Medium_Threat SQL_Injection_From_URL_Scheme Medium 6979 6979 6979 6979 6979 6979 6979 6979 6979 6979
Swift Swift_Medium_Threat Unencrypted_Sensitive_Information_in_External_Storage Medium 7111 7111 7111 7111 7111 7111 7111 7111 7111 7111 7111
Swift Swift_Medium_Threat WebView_JavaScript_Injection_From_URL_Scheme Medium 7005 7005 7005 7005 7005 7005 7005 7005 7005
Swift Swift_Medium_Threat XML_External_Entity Medium 6952 6952 6952 6952 6952 6952 6952 6952 6952 6952 6952 6952 6952
VB6 VB6_Heuristic Heuristic_Parameter_Tampering Low 1107 1107 1107 1107 1107 1107 1107 1107 1107 1107 1107
VB6 VB6_Heuristic Heuristic_SQL_Injection Low 1108 1108 1108 1108 1108 1108 1108 1108 1108 1108 1108 1108 1108 1108
VB6 VB6_High_Risk Code_Injection High 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383 2383
VB6 VB6_High_Risk Command_Injection High 1109 1109 1109 1109 1109 1109 1109 1109 1109 1109 1109 1109 1109 1109 1109
VB6 VB6_High_Risk Connection_String_Injection High 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110 1110
VB6 VB6_High_Risk Second_Order_SQL_Injection High 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111
VB6 VB6_High_Risk SQL_Injection High 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112 1112
VB6 VB6_Low_Visibility Bounds_Check_Disabled Low 1398 1398 1398 1398 1398 1398 1398
VB6 VB6_Low_Visibility Hardcoded_Absolute_Path Information 1113 1113 1113 1113 1113 1113 1113 1113
VB6 VB6_Low_Visibility Improper_Error_Handling Low 2378 2378 2378 2378 2378 2378 2378 2378 2378
VB6 VB6_Low_Visibility Information_Exposure_Through_an_Error_Message Low 2379 2379 2379 2379 2379 2379 2379 2379 2379 2379 2379 2379 2379 2379 2379
VB6 VB6_Low_Visibility Insecure_Randomness Low 2380 2380 2380 2380 2380 2380 2380 2380 2380 2380 2380 2380 2380
VB6 VB6_Low_Visibility Insufficiently_Protected_Credentials Low 1114 1114 1114 1114 1114 1114 1114 1114 1114 1114 1114 1114 1114
VB6 VB6_Low_Visibility Log_Forging Low 2381 2381 2381 2381 2381 2381 2381 2381 2381 2381 2381 2381 2381
VB6 VB6_Low_Visibility Stored_Code_Injection Low 5615 5615 5615 5615 5615 5615 5615 5615 5615 5615 5615 5615 5615 5615
VB6 VB6_Low_Visibility Use_Of_Hardcoded_Password Low 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382 2382
VB6 VB6_Medium_Threat DoS_by_Sleep Medium 1115 1115 1115 1115 1115 1115 1115 1115 1115 1115 1115 1115 1115 1115
VB6 VB6_Medium_Threat Hardcoded_password_in_Connection_String Medium 1117 1117 1117 1117 1117 1117 1117 1117 1117 1117 1117
VB6 VB6_Medium_Threat Parameter_Tampering Medium 1118 1118 1118 1118 1118 1118 1118 1118 1118 1118 1118 1118 1118 1118
VB6 VB6_Medium_Threat Path_Traversal Medium 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116 1116
VB6 VB6_Medium_Threat Privacy_Violation Medium 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122 2122
VbNet VbNet_Best_Coding_Practice Aptca_Methods_Call_Non_Aptca_Methods Information 700 700
VbNet VbNet_Best_Coding_Practice Catch_NullPointerException Information
VbNet VbNet_Best_Coding_Practice Declaration_Of_Catch_For_Generic_Exception Information 713 713 713 713 713 713
VbNet VbNet_Best_Coding_Practice Deprecated_Methods Information 4702 4702
VbNet VbNet_Best_Coding_Practice Detection_of_Error_Condition_Without_Action Information 704 704 704 704 704 704 704
VbNet VbNet_Best_Coding_Practice Direct_Use_of_Sockets Information 716 716 716 716
VbNet VbNet_Best_Coding_Practice Dynamic_SQL_Queries Information 703 703 703 703 703 703 703 703 703 703
VbNet VbNet_Best_Coding_Practice Exposure_of_Resource_to_Wrong_Sphere Information 722 722 722 722 722 722
VbNet VbNet_Best_Coding_Practice GetLastWin32Error_Is_Not_Called_After_Pinvoke Information 705 705 705
VbNet VbNet_Best_Coding_Practice Hardcoded_Absolute_Path Information 785 785 785 785 785 785 785 785
VbNet VbNet_Best_Coding_Practice Hardcoded_Connection_String Information 706 706 706 706 706 706 706 706 706 706 706
VbNet VbNet_Best_Coding_Practice Just_One_of_Equals_and_Hash_code_Defined Information 783 783 783 783
VbNet VbNet_Best_Coding_Practice Leftover_Debug_Code Information 708 708 708 708 708
VbNet VbNet_Best_Coding_Practice Magic_Numbers Information
VbNet VbNet_Best_Coding_Practice Missing_XML_Validation Information 710 710 710 710 710
VbNet VbNet_Best_Coding_Practice Non_Private_Static_Constructors Information 711 711
VbNet VbNet_Best_Coding_Practice NULL_Argument_to_Equals Information 712
VbNet VbNet_Best_Coding_Practice Pages_Without_Global_Error_Handler Information 714 714 714 714 714 714 714
VbNet VbNet_Best_Coding_Practice PersistSecurityInfo_is_True Information 715 715
VbNet VbNet_Best_Coding_Practice Threads_in_WebApp Information 717 717
VbNet VbNet_Best_Coding_Practice Unchecked_Error_Condition Information 702 702 702 702 702 702 702
VbNet VbNet_Best_Coding_Practice Unchecked_Return_Value Information
VbNet VbNet_Best_Coding_Practice Unclosed_Objects Information 718
VbNet VbNet_Best_Coding_Practice Unvalidated_Arguments_Of_Public_Methods Information 720
VbNet VbNet_Best_Coding_Practice Use_of_System_Output_Stream Information 721 721 721 721 721 721
VbNet VbNet_Best_Coding_Practice Use_Of_Uninitialized_Variables Information
VbNet VbNet_Best_Coding_Practice Visible_Pointers Information 723 723 723 723 723 723
VbNet VbNet_Heuristic Heuristic_2nd_Order_SQL_Injection Low 762 762 762 762 762 762 762 762 762 762 762 762 762 762
VbNet VbNet_Heuristic Heuristic_CSRF Low 767 767 767 767 767 767 767 767 767 767 767 767 767
VbNet VbNet_Heuristic Heuristic_DB_Parameter_Tampering Low 763 763 763 763 763 763 763 763 763 763 763 763 763 763
VbNet VbNet_Heuristic Heuristic_Parameter_Tampering Low 764 764 764 764 764 764 764 764 764 764 764
VbNet VbNet_Heuristic Heuristic_SQL_Injection Low 765 765 765 765 765 765 765 765 765 765 765 765 765 765
VbNet VbNet_Heuristic Heuristic_Stored_XSS Low 766 766 766 766 766 766 766 766 766 766 766 766 766 766
VbNet VbNet_High_Risk Code_Injection High 768 768 768 768 768 768 768 768 768 768 768 768 768 768 768 768 768
VbNet VbNet_High_Risk Command_Injection High 769 769 769 769 769 769 769 769 769 769 769 769 769 769 769
VbNet VbNet_High_Risk Connection_String_Injection High 770 770 770 770 770 770 770 770 770 770 770 770 770 770 770
VbNet VbNet_High_Risk Dangerous_File_Upload High 781 781 781 781 781 781 781 781 781 781 781 781 781 781
VbNet VbNet_High_Risk LDAP_Injection High 771 771 771 771 771 771 771 771 771 771 771 771 771 771 771 771
VbNet VbNet_High_Risk Reflected_XSS_All_Clients High 772 772 772 772 772 772 772 772 772 772 772 772 772 772 772 772 772 772
VbNet VbNet_High_Risk Resource_Injection High 773 773 773 773 773 773 773 773 773 773 773 773 773 773 773 773
VbNet VbNet_High_Risk Second_Order_SQL_Injection High 774 774 774 774 774 774 774 774 774 774 774 774 774 774 774 774 774
VbNet VbNet_High_Risk SQL_Injection High 775 775 775 775 775 775 775 775 775 775 775 775 775 775 775 775 775 775
VbNet VbNet_High_Risk Stored_XSS High 776 776 776 776 776 776 776 776 776 776 776 776 776 776 776 776 776
VbNet VbNet_High_Risk UTF7_XSS High 777 777 777 777 777 777 777 777 777 777 777 777 777 777 777 777 777
VbNet VbNet_High_Risk XPath_Injection High 778 778 778 778 778 778 778 778 778 778 778 778 778 778 778 778
VbNet VbNet_Low_Visibility Blind_SQL_Injections Low 779 779 779 779 779 779 779 779 779 779 779 779 779 779
VbNet VbNet_Low_Visibility Cleansing_Canonicalization_and_Comparison_Errors Low 784 784 784 784 784 784
VbNet VbNet_Low_Visibility Client_Side_Only_Validation Low 780 780 780 780 780 780 780 780
VbNet VbNet_Low_Visibility Cross_Site_History_Manipulation Low
VbNet VbNet_Low_Visibility Heap_Inspection Low 3773 3773 3773 3773 3773 3773 3773 3773 3773 3773 3773 3773 3773 3773
VbNet VbNet_Low_Visibility Impersonation_Issue Low 787 787 787 787 787 787 787
VbNet VbNet_Low_Visibility Improper_Encoding_Of_Output Low 4144 4144 4144 4144 4144 4144 4144 4144 4144 4144 4144 4144
VbNet VbNet_Low_Visibility Improper_Exception_Handling Low 788 788 788 788 788 788 788 788 788 788 788
VbNet VbNet_Low_Visibility Improper_Resource_Shutdown_or_Release Low 782 782 782 782 782 782 782 782
VbNet VbNet_Low_Visibility Improper_Session_Management Low 789 789 789 789 789 789 789 789 789
VbNet VbNet_Low_Visibility Improper_Transaction_Handling Low 790 790 790 790 790
VbNet VbNet_Low_Visibility Information_Exposure_Through_an_Error_Message Low 801 801 801 801 801 801 801 801 801 801 801 801 801 801 801
VbNet VbNet_Low_Visibility Information_Leak_Through_Persistent_Cookies Low 795 795 795 795 795 795 795 795 795 795 795 795 795
VbNet VbNet_Low_Visibility Insufficiently_Protected_Credentials Low 794 794 794 794 794 794 794 794 794 794 794 794 794
VbNet VbNet_Low_Visibility JavaScript_Hijacking Low 791 791 791 791 791 791 791 791
VbNet VbNet_Low_Visibility Leaving_Temporary_Files Low 792 792 792 792 792 792 792
VbNet VbNet_Low_Visibility Log_Forging Low 793 793 793 793 793 793 793 793 793 793 793 793 793
VbNet VbNet_Low_Visibility Open_Redirect Low 800 800 800 800 800 800 800 800 800 800 800 800 800 800
VbNet VbNet_Low_Visibility Overly_Permissive_Cross_Origin_Resource_Sharing_Policy Low 5390 5390 5390 5390 5390 5390 5390
VbNet VbNet_Low_Visibility Session_Clearing_Problems Low 796 796 796 796 796 796 796 796 796 796 796 796 796
VbNet VbNet_Low_Visibility Session_Poisoning Low
VbNet VbNet_Low_Visibility Stored_Code_Injection Low 5616 5616 5616 5616 5616 5616 5616 5616 5616 5616 5616 5616 5616 5616
VbNet VbNet_Low_Visibility Thread_Safety_Issue Low 798 798 798 798 798 798 798 798 798
VbNet VbNet_Low_Visibility Trust_Boundary_Violation_in_Session_Variables Low 819 819 819 819 819 819 819 819 819 819 819 819 819 819
VbNet VbNet_Low_Visibility URL_Canonicalization_Issue Low 799 799 799 799 799
VbNet VbNet_Low_Visibility Use_of_Broken_or_Risky_Cryptographic_Algorithm Low 2218 2218 2218 2218 2218 2218 2218 2218 2218 2218 2218 2218 2218 2218
VbNet VbNet_Low_Visibility Use_Of_Hardcoded_Password Low 786 786 786 786 786 786 786 786 786 786 786 786 786 786 786 786
VbNet VbNet_Low_Visibility XSS_Evasion_Attack Low 802 802 802 802 802 802 802 802 802 802 802 802 802 802
VbNet VbNet_Medium_Threat Buffer_Overflow Medium 803 803 803 803 803 803 803 803 803 803 803 803 803 803 803
VbNet VbNet_Medium_Threat CGI_XSS Medium 804 804 804 804 804 804 804 804 804 804 804 804 804 804 804 804
VbNet VbNet_Medium_Threat CSRF Medium 821 821 821 821 821 821 821 821 821 821 821 821 821 821 821
VbNet VbNet_Medium_Threat Data_Filter_Injection Medium 806 806 806 806 806 806 806 806 806 806 806 806 806 806 806 806
VbNet VbNet_Medium_Threat DB_Parameter_Tampering Medium 807 807 807 807 807 807 807 807 807 807 807 807 807 807 807 807 807
VbNet VbNet_Medium_Threat DoS_by_Sleep Medium 808 808 808 808 808 808 808 808 808 808 808 808 808
VbNet VbNet_Medium_Threat Hardcoded_password_in_Connection_String Medium 811 811 811 811 811 811 811 811 811 811 811
VbNet VbNet_Medium_Threat HTTP_Response_Splitting Medium
VbNet VbNet_Medium_Threat Improper_Locking Medium 814 814 814 814 814 814 814 814 814 814
VbNet VbNet_Medium_Threat Integer_Overflow Medium
VbNet VbNet_Medium_Threat No_Request_Validation Medium 3482 3482 3482 3482 3482 3482 3482 3482 3482 3482 3482 3482 3482
VbNet VbNet_Medium_Threat Parameter_Tampering Medium 815 815 815 815 815 815 815 815 815 815 815 815 815
VbNet VbNet_Medium_Threat Path_Traversal Medium 809 809 809 809 809 809 809 809 809 809 809 809 809 809 809 809
VbNet VbNet_Medium_Threat Privacy_Violation Medium 816 816 816 816 816 816 816 816 816 816 816 816 816 816 816 816 816
VbNet VbNet_Medium_Threat Reflected_XSS_Specific_Clients Medium 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817 817
VbNet VbNet_Medium_Threat SQL_Injection_Evasion_Attack Medium 818 818 818 818 818 818 818 818 818 818 818 818 818 818 818 818 818
VbNet VbNet_Medium_Threat Stored_Command_Injection Medium 3517 3517 3517 3517 3517 3517 3517 3517 3517 3517 3517 3517 3517 3517
VbNet VbNet_Medium_Threat Stored_LDAP_Injection Medium 3519 3519 3519 3519 3519 3519 3519 3519 3519 3519 3519 3519 3519 3519 3519
VbNet VbNet_Medium_Threat Stored_XPath_Injection Medium 3518 3518 3518 3518 3518 3518 3518 3518 3518 3518 3518 3518 3518 3518
VbNet VbNet_Medium_Threat Unclosed_Connection Medium
VbNet VbNet_Medium_Threat Unsafe_Object_Binding Medium 4669 4669 4669 4669 4669 4669 4669 4669
VbNet VbNet_Medium_Threat Use_of_Hard_coded_Cryptographic_Key Medium 810 810 810 810 810 810 810 810 810 810 810 810 810 810 810 810 810
VbNet VbNet_Medium_Threat Value_Shadowing Medium 4413 4413 4413 4413 4413 4413 4413 4413 4413 4413
VbNet VbNet_WebConfig CookieLess_Authentication Medium 831 831 831 831 831 831 831 831 831 831
VbNet VbNet_WebConfig CookieLess_Session Medium 832 832 832 832 832 832 832 832
VbNet VbNet_WebConfig CustomError Low 833 833 833 833 833 833 833 833 833 833
VbNet VbNet_WebConfig DebugEnabled Low 834 834 834 834 834 834 834 834 834 834 834 834
VbNet VbNet_WebConfig Elmah_Enabled Medium 5324 5324 5324 5324 5324 5324 5324
VbNet VbNet_WebConfig HardcodedCredentials Medium 835 835 835 835 835 835 835 835 835 835 835
VbNet VbNet_WebConfig HttpOnlyCookies_XSS High 836 836 836 836 836 836 836 836 836 836 836 836
VbNet VbNet_WebConfig Missing_X_Frame_Options Low 3070 3070 3070 3070 3070 3070 3070 3070 3070
VbNet VbNet_WebConfig NonUniqueFormName Low 837 837 837 837 837 837 837 837
VbNet VbNet_WebConfig Password_In_Configuration_File Low 2963 2963 2963 2963 2963 2963 2963 2963 2963 2963 2963
VbNet VbNet_WebConfig RequireSSL Medium 838 838 838 838 838 838 838 838 838 838 838 838 838 838
VbNet VbNet_WebConfig SlidingExpiration Low 839 839 839 839 839 839 839 839 839 839 839
VbNet VbNet_WebConfig TraceEnabled Medium 840 840 840 840 840 840 840 840 840
VbScript VbScript_High_Risk DOM_Code_Injection High 845 845 845 845 845 845 845 845 845 845 845 845 845 845 845 845 845
VbScript VbScript_High_Risk DOM_XSS High 849 849 849 849 849 849 849 849 849 849 849 849 849 849 849 849 849 849
VbScript VbScript_Low_Visibility Cookies_Inspection Low 844 844 844 844 844 844 844 844
VbScript VbScript_Low_Visibility DOM_Open_Redirect Low 847 847 847 847 847 847 847 847 847 847 847 847 847 847
VbScript VbScript_Low_Visibility Weak_Password_Authentication Low 862 862 862 862 862 862 862 862
VbScript VbScript_Medium_Threat Client_DoS_By_Sleep Medium 842 842 842 842 842 842 842 842 842 842 842 842 842
VbScript VbScript_Medium_Threat Client_Untrusted_Activex Medium 843 843 843 843 843 843 843 843 843 843
VbScript VbScript_Medium_Threat DOM_Cookie_Poisoning Medium 846 846 846 846 846 846 846 846 846 846 846 846 846 846
VbScript VbScript_Medium_Threat DOM_CSRF Medium 848 848 848 848 848 848 848 848 848 848 848 848 848 848 848