CWE-20 - Improper input validation

Description

The product isn't able to perform a proper verification of input. Such problems can influence program data flow handling.
In case of absence of proper input checking attackers can create and input data causing changes of control flow, arbitrary control of a resource, or arbitrary code execution.
The weakness is introduced during Architecture and Design, Implementation stages. It allows offenders:
-to bring the program to stop;
-to provoke excessive spending of the resources;
-to read and compromise private data;
-to set arbitrary command execution.

Latest vulnerabilities for CWE-20

Multiple vulnerabilities in Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager and Safety Manager SC 2024-04-26
High Yes

Multiple vulnerabilities in ownCloud Server 2024-04-25
Low Yes

Denial of service in ownCloud Server 2024-04-25
Low Yes

Multiple vulnerabilities in IBM Security Verify Governance - Identity Manager, Container 2024-04-25
High Yes

Improper input validation in IBM Event Processing 2024-04-25
High Yes

Multiple vulnerabilities in IBM Event Streams 2024-04-25
Medium Yes

Multiple vulnerabilities in IBM eDiscovery Manager 2024-04-25
High Yes

Denial of service in PowerDNS Recursor 2024-04-24
Medium Yes

Multiple vulnerabilities in IBM Security Verify Governance 2024-04-24
High Yes

Multiple vulnerabilities in IBM MobileFirst Platform Foundation 2024-04-24
High Yes

References

Description of CWE-20 on Mitre website