MITRE Lists 25 Most Dangerous Software Weaknesses of 2024
MITRE has released its annual list of the top 25 most dangerous software weaknesses for 2024, highlighting critical vulnerabilities that pose significant risks to software systems worldwide.
This list, developed in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), is an essential resource for developers, security professionals, and organizations aiming to strengthen their cybersecurity defenses.
The 2024 CWE Top 25 list identifies the most severe and prevalent software weaknesses linked to over 31,770 Common Vulnerabilities and Exposures (CVE) records.
Adversaries often exploit these weaknesses to compromise systems, steal sensitive data, or disrupt critical services. The list is based on an analysis of CVE records from June 2023 to June 2024, with a focus on vulnerabilities included in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Top 10 Most Dangerous Software Weaknesses
Here is a table listing the top 25 most dangerous software weaknesses of 2024 according to MITRE:
| Rank | Weakness Name | CWE ID | Score | CVEs in KEV | Change |
|---|---|---|---|---|---|
| 1 | Cross-site Scripting | CWE-79 | 56.92 | 3 | +1 |
| 2 | Out-of-bounds Write | CWE-787 | 45.20 | 18 | -1 |
| 3 | SQL Injection | CWE-89 | 35.88 | 4 | 0 |
| 4 | Cross-Site Request Forgery (CSRF) | CWE-352 | 19.57 | 0 | +5 |
| 5 | Path Traversal | CWE-22 | 12.74 | 4 | +3 |
| 6 | Out-of-bounds Read | CWE-125 | 11.42 | 3 | +1 |
| 7 | OS Command Injection | CWE-78 | 11.30 | 5 | -2 |
| 8 | Use After Free | CWE-416 | 10.19 | 5 | -4 |
| 9 | Missing Authorization | CWE-862 | 10.11 | 0 | +2 |
| 10 | Unrestricted Upload of File with Dangerous Type | CWE-434 | 10.03 | 0 | 0 |
| 11 | Code Injection | CWE-94 | 7.13 | 7 | +12 |
| 12 | Improper Input Validation | CWE-20 | 6.78 | 1 | -6 |
| 13 | Command Injection | CWE-77 | 6.74 | 4 | +3 |
| 14 | Improper Authentication | CWE-287 | 5.94 | 4 | -1 |
| 15 | Improper Privilege Management | CWE-269 | 5.22 | 0 | +7 |
| 16 | Deserialization of Untrusted Data | CWE-502 | 5.07 | 5 | -1 |
| 17 | Exposure of Sensitive Information to an Unauthorized Actor | CWE-200 | 5.07 | 0 | +13 |
| 18 | Incorrect Authorization | CWE-863 | 4.05 | 2 | +6 |
| 19 | Server-Side Request Forgery (SSRF) | CWE-918 | 4.05 | 2 | 0 |
| 20 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE-119 | 3.69 | 2 | -3 |
| 21 | NULL Pointer Dereference | CWE-476 | 3.58 | 0 | -9 |
| 22 | Use of Hard-coded Credentials | CWE-798 | 3.46 | 2 | -4 |
| 23 | Integer Overflow or Wraparound | CWE-190 | 3.37 | 3 | -9 |
| 24 | Uncontrolled Resource Consumption | CWE-400 | 3.23 | 0 | +13 |
| 25 | Missing Authentication for Critical Function | CWE-306 | 2.73 | 5 | -5 |
This table provides a comprehensive overview of the top 25 software weaknesses, together with their CWE IDs, scores, the number of CVEs in the Known Exploited Vulnerabilities (KEV) catalog, and changes in rank compared with the previous year.
The CWE Top 25 list is invaluable for guiding security investments and policies. By understanding the root causes of these vulnerabilities, organizations can implement strategies to prevent them from occurring.
This proactive approach improves security and leads to cost savings by reducing the need for post-deployment fixes.
Organizations are encouraged to integrate the CWE Top 25 into their software development lifecycle and procurement processes. By prioritizing these weaknesses, companies can mitigate risks and demonstrate a commitment to cybersecurity, enhancing customer trust.
Adopting Secure by Design practices is essential for developers and security teams. This involves incorporating security measures at every stage of software development to prevent vulnerabilities from being introduced.
As cyber threats evolve, staying informed about the most dangerous software weaknesses is essential for maintaining strong cybersecurity defenses. The 2024 CWE Top 25 list provides a strategic framework for addressing these challenges and protecting critical systems from exploitation.