field | cves | cnas |
---|---|---|
problemTypes.lang | 241783 | 346 |
problemTypes.type | 235008 | 340 |
problemTypes.cweId | 56338 | 321 |
problemTypes.description | 105907 | 345 |
Problem types
“Type” in problemTypes
type | cves | cnas | cna |
---|---|---|---|
text | 174850 | 161 | <too many> |
CWE | 57324 | 320 | <too many> |
<undefined> | 7372 | 76 | <too many> |
Impact | 2580 | 1 | microsoft |
cwe | 365 | 2 | cisco, OX |
cvw | 61 | 1 | Splunk |
RCE (Remote Code Execution) | 16 | 1 | atlassian |
BASM (Broken Authentication & Session Management) | 2 | 1 | atlassian |
Information Disclosure | 2 | 1 | atlassian |
Improper Authorization | 2 | 1 | atlassian |
Injection | 2 | 1 | atlassian |
Stored XSS | 2 | 1 | atlassian |
Security Misconfiguration | 1 | 1 | atlassian |
problem_type | 1 | 1 | apple |
Other | 1 | 1 | atlassian |
Open Redirect | 1 | 1 | atlassian |
File Inclusion | 1 | 1 | atlassian |
Reflected XSS | 1 | 1 | atlassian |
Looking for CWE through regex
I used the regex “cwe[-_.]\d+”, matched case-insensitively, to detect a CWE ID in any of the “description” field or the two spellings of the ID field, “cweId” and the lowercase variant “cweid”. The following table counts, for each “type” value, the CVEs where at least one CWE ID was found in those fields and the CVEs where none was; the NA row is the CVEs whose entries have no “type” at all (the <undefined> row in the table above).
type | CWE Found | No CWE |
---|---|---|
BASM (Broken Authentication & Session Management) | 0 | 2 |
cvw | 61 | 0 |
cwe | 365 | 0 |
CWE | 57324 | 0 |
File Inclusion | 0 | 1 |
Impact | 0 | 2580 |
Improper Authorization | 0 | 2 |
Information Disclosure | 0 | 2 |
Injection | 0 | 2 |
Open Redirect | 0 | 1 |
Other | 0 | 1 |
problem_type | 0 | 1 |
RCE (Remote Code Execution) | 0 | 16 |
Reflected XSS | 0 | 1 |
Security Misconfiguration | 0 | 1 |
Stored XSS | 0 | 2 |
text | 1 | 174849 |
NA | 3797 | 3575 |
Because it is a simple regex, it also finds CWE IDs in places other than the ID field, such as the description. The table below cross-tabulates where the ID was found. It is limited to records where the regex matched at least one of the fields, so the FALSE/FALSE combination does not appear.
CWE in Description | CWE in cweId | cves | cnas |
---|---|---|---|
TRUE | TRUE | 54358 | 318 |
TRUE | FALSE | 5210 | 23 |
FALSE | TRUE | 1981 | 21 |
Record Completeness
Should there always be a “lang”, a “type” and a “cweId”, or what is the best combination?
CWE ID
Number of CWEs in CVE records
This section aggregates every CWE ID found in any of the three common fields (“description”, “cweId” and “cweid”), so a CVE counts once per distinct CWE regardless of which field it appeared in.
Note that seven CVEs had five (5) unique CWEs in a single CVE record.
CWEs have different levels of abstraction (Pillar, Class, Base, Variant) as well as views and categories. CWE’s mapping guidance recommends assigning “Base”-level CWEs to vulnerabilities rather than the more abstract Class and Pillar entries.
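The extraction described under “Looking for CWE through regex” and the per-record aggregation in this section, written out as an added Python example (it is not code from the original analysis). It assumes the CVE 5.x record layout (containers.cna.problemTypes[].descriptions[] entries with lang, type, cweId and description), uses the label NA for entries with no type as the tables above do, and runs over a handful of constructed sample records with placeholder IDs; the load_records helper assumes a cvelistV5-style directory of CVE-*.json files and is not exercised by the sample.

```python
"""Find CWE IDs in CVE 5.x problemTypes entries with the regex from the analysis above."""
import json
import re
from collections import Counter, defaultdict
from pathlib import Path

# The analysis pattern, applied case-insensitively so "CWE-79", "cwe_79" and
# "CWE.79" all match; the group captures the number.
CWE_RE = re.compile(r"cwe[-_.](\d+)", re.IGNORECASE)

# Fields a CWE ID has been seen in: the schema's "cweId", the lowercase
# variant "cweid" some records use, and the free-text "description".
ID_FIELDS = ("cweId", "cweid")
TEXT_FIELD = "description"
NO_TYPE = "NA"  # label the tables above use for entries without a "type"


def find_cwes(text):
    """Canonical CWE IDs ("CWE-79") mentioned in a string; empty set for non-strings."""
    if not isinstance(text, str):
        return set()
    return {f"CWE-{int(num)}" for num in CWE_RE.findall(text)}


def problem_type_entries(record):
    """Yield each containers.cna.problemTypes[].descriptions[] entry of a record."""
    cna = record.get("containers", {}).get("cna", {})
    for problem_type in cna.get("problemTypes") or []:
        for entry in problem_type.get("descriptions") or []:
            yield entry


def analyze(records):
    """Tabulate CWE detection per CVE record.

    Returns (per_type, crosstab, cwes_per_record):
      per_type[type]["CWE Found" | "No CWE"]  -> CVEs having entries of that type
      crosstab[(in_description, in_cweId)]    -> CVEs, FALSE/FALSE omitted
      cwes_per_record[k]                      -> CVEs citing exactly k distinct CWEs
    """
    per_type = defaultdict(Counter)
    crosstab = Counter()
    cwes_per_record = Counter()
    for record in records:
        found_by_type = {}  # type -> True once any entry of that type matched
        in_description = in_cwe_id = False
        all_cwes = set()
        for entry in problem_type_entries(record):
            entry_type = entry.get("type") or NO_TYPE
            from_text = find_cwes(entry.get(TEXT_FIELD))
            from_ids = set().union(*(find_cwes(entry.get(f)) for f in ID_FIELDS))
            hits = from_text | from_ids
            found_by_type[entry_type] = found_by_type.get(entry_type, False) or bool(hits)
            in_description = in_description or bool(from_text)
            in_cwe_id = in_cwe_id or bool(from_ids)
            all_cwes |= hits
        for entry_type, found in found_by_type.items():
            per_type[entry_type]["CWE Found" if found else "No CWE"] += 1
        if in_description or in_cwe_id:
            crosstab[(in_description, in_cwe_id)] += 1
        if all_cwes:
            cwes_per_record[len(all_cwes)] += 1
    return per_type, crosstab, cwes_per_record


def load_records(root):
    """Load CVE-*.json files below root (assumed cvelistV5-style checkout)."""
    for path in Path(root).rglob("CVE-*.json"):
        with open(path, encoding="utf-8") as fh:
            yield json.load(fh)


def _record(cve_id, *entries):
    """Minimal CVE 5.x record with one problemTypes block (constructed sample)."""
    return {"cveMetadata": {"cveId": cve_id},
            "containers": {"cna": {"problemTypes": [{"descriptions": list(entries)}]}}}


# Constructed samples with placeholder IDs, not real CVEs: CWE in both fields,
# no CWE, cweId only, description only with no type, lowercase "cweid", mixed.
SAMPLE_RECORDS = [
    _record("CVE-1900-0001", {"lang": "en", "type": "CWE", "cweId": "CWE-79",
                              "description": "CWE-79 Improper Neutralization of Input"}),
    _record("CVE-1900-0002", {"lang": "en", "type": "text", "description": "Cross-site scripting"}),
    _record("CVE-1900-0003", {"lang": "en", "type": "CWE", "cweId": "CWE-787",
                              "description": "Out-of-bounds Write"}),
    _record("CVE-1900-0004", {"lang": "en", "description": "cwe_22 path traversal; see also CWE-23"}),
    _record("CVE-1900-0005", {"lang": "en", "type": "cwe", "cweid": "CWE-89",
                              "description": "SQL Injection"}),
    _record("CVE-1900-0006", {"lang": "en", "type": "Impact", "description": "Remote Code Execution"},
                             {"lang": "en", "type": "CWE", "cweId": "CWE-20",
                              "description": "CWE-20 Improper Input Validation"}),
]

if __name__ == "__main__":
    per_type, crosstab, per_record = analyze(SAMPLE_RECORDS)
    print("type | CWE Found | No CWE |")
    for t, counts in sorted(per_type.items()):
        print(f"{t} | {counts['CWE Found']} | {counts['No CWE']} |")
    print("CWE in Description | CWE in cweId | cves |")
    for (in_desc, in_id), n in sorted(crosstab.items(), reverse=True):
        print(f"{str(in_desc).upper()} | {str(in_id).upper()} | {n} |")
    print("distinct CWEs per record:", dict(per_record))
```

On the real corpus, replace SAMPLE_RECORDS with load_records("cvelistV5/cves"). Two details are deliberate: the numeric part is normalised through int(), so “CWE-079” and “CWE-79” count as the same weakness, and a CVE is tallied once per “type” value it uses, which is why the per-type counts add up to the CVE counts in the “Type” table rather than to the number of entries.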
Top CWEs
We can get a better idea of what these are by using the “Comprehensive Categorization” view, CWE-1400. It maps every CWE up to one of twenty-two high-level categories.
Out of the 63,306 CWE references used in the CVEs, 12,095 belong to CWE View 1003 (the “NVD slice”). That is 19.1% of the CWEs found in CVEs.