CWE

CWE (Common Weakness Enumeration) is an industry-standard list that provides common names for publicly known software weaknesses. This makes it easier to share data across separate databases and tools. (For more details, see the CWE website at http://cwe.mitre.org/)

AppScan advisories for vulnerabilities that have been assigned a CWE include the reference number and a link to the description on the CWE website. Where specific vulnerabilities have their own CWE (in addition to the ID for the issue), this is shown in the Variant Details pane.

You can:

  • View the CWEs for an issue in the advisory for that issue (see the How to Fix tab). Click the link to view its description on the CWE website.
  • Include CWEs (as part of the advisory) in reports.
  • Search for a particular CWE by searching for its reference number in Test Policy view.

For the version of the CWE database used in the current version of AppScan, refer to the Release Notes located in [AppScan Standard installation directory]\Docs. If a daily update changes the database used, the change will be listed in the AppScan Log. To access the log, go to Help > AppScan Log.