Vulnerability
Code Rules in Vulnerability category
| Category | Severity | Name | Description |
|---|---|---|---|
Vulnerability
|
Critical
|
AES encryption algorithm should be used with secured mode
|
AES encryption algorithm should be used with secured mode |
|
Vulnerability
|
Minor
|
Console logging should not be used
|
Console logging should not be used |
|
Vulnerability
|
Critical
|
CoSetProxyBlanket and CoInitializeSecurity should not be used
|
CoSetProxyBlanket and CoInitializeSecurity should not be used |
|
Vulnerability
|
Critical
|
Cryptographic keys should be robust
|
Cryptographic keys should be robust |
|
Vulnerability
|
Critical
|
Database queries should not be vulnerable to injection attacks
|
Database queries should not be vulnerable to injection attacks |
|
Vulnerability
|
Critical
|
DES Crypting
|
DES Crypting should not be used |
|
Vulnerability
|
Critical
|
Encryption algorithms should be used with secure mode and padding scheme
|
Encryption algorithms should be used with secure mode and padding scheme |
|
Vulnerability
|
Minor
|
Generic exceptions should not be ignored
|
Generic exceptions should not be ignored |
|
Vulnerability
|
Critical
|
Hard coded IP address
|
Hard coded IP address should not be used |
|
Vulnerability
|
Critical
|
Hard coded UserId / Password
|
Hard coded UserId / Password for database connection should not be used |
|
Vulnerability
|
Critical
|
I/O function calls should not be vulnerable to path injection attacks
|
I/O function calls should not be vulnerable to path injection attacks |
|
Vulnerability
|
Minor
|
Mutable fields should not be public static
|
Mutable fields should not be public static |
|
Vulnerability
|
Critical
|
OS commands should not be vulnerable to injection attacks
|
OS commands should not be vulnerable to injection attacks |
|
Vulnerability
|
Critical
|
Regular expressions should not be vulnerable to Denial of Service attacks
|
Regular expressions should not be vulnerable to Denial of Service attacks |
|
Vulnerability
|
Critical
|
SHA-1 and Message-Digest hash algorithms should not be used in secure contexts
|
SHA-1 and Message-Digest hash algorithms should not be used in secure contexts |
|
Vulnerability
|
Critical
|
Soap and INET
|
SOAP and INET PowerBuilder objects do not support use of TLS 1.2 and that makes it vulnerable to attacks |