vrt 0.3.1.pre.rc1 → 0.3.1.pre.rc2

@@ -0,0 +1,722 @@
1
+ {
2
+ "metadata": {
3
+ "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "children": [
9
+ {
10
+ "id": "unsafe_cross_origin_resource_sharing",
11
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
12
+ },
13
+ {
14
+ "id": "path_traversal",
15
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
16
+ },
17
+ {
18
+ "id": "directory_listing_enabled",
19
+ "children": [
20
+ {
21
+ "id": "sensitive_data_exposure",
22
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
23
+ },
24
+ {
25
+ "id": "non_sensitive_data_exposure",
26
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ "id": "same_site_scripting",
32
+ "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"
33
+ },
34
+ {
35
+ "id": "ssl_attack_breach_poodle_etc",
36
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
37
+ },
38
+ {
39
+ "id": "using_default_credentials",
40
+ "children": [
41
+ {
42
+ "id": "production_server",
43
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
44
+ },
45
+ {
46
+ "id": "staging_development_server",
47
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
48
+ }
49
+ ]
50
+ },
51
+ {
52
+ "id": "misconfigured_dns",
53
+ "children": [
54
+ {
55
+ "id": "subdomain_takeover",
56
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
57
+ },
58
+ {
59
+ "id": "zone_transfer",
60
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
61
+ },
62
+ {
63
+ "id": "missing_caa_record",
64
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
65
+ }
66
+ ]
67
+ },
68
+ {
69
+ "id": "mail_server_misconfiguration",
70
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
71
+ "children": [
72
+ {
73
+ "id": "missing_spf_on_email_domain",
74
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
75
+ },
76
+ {
77
+ "id": "email_spoofable_via_third_party_api_misconfiguration",
78
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
79
+ }
80
+ ]
81
+ },
82
+ {
83
+ "id": "lack_of_password_confirmation",
84
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
85
+ "children": [
86
+ {
87
+ "id": "manage_two_fa",
88
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"
89
+ }
90
+ ]
91
+ },
92
+ {
93
+ "id": "no_rate_limiting_on_form",
94
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
95
+ "children": [
96
+ {
97
+ "id": "login",
98
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
99
+ }
100
+ ]
101
+ },
102
+ {
103
+ "id": "unsafe_file_upload",
104
+ "children": [
105
+ {
106
+ "id": "no_antivirus",
107
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
108
+ },
109
+ {
110
+ "id": "no_size_limit",
111
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
112
+ },
113
+ {
114
+ "id": "file_extension_filter_bypass",
115
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
116
+ }
117
+ ]
118
+ },
119
+ {
120
+ "id": "cookie_scoped_to_parent_domain",
121
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
122
+ },
123
+ {
124
+ "id": "missing_secure_or_httponly_cookie_flag",
125
+ "children": [
126
+ {
127
+ "id": "session_token",
128
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
129
+ },
130
+ {
131
+ "id": "non_session_cookie",
132
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
133
+ }
134
+ ]
135
+ },
136
+ {
137
+ "id": "clickjacking",
138
+ "children": [
139
+ {
140
+ "id": "sensitive_action",
141
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
142
+ },
143
+ {
144
+ "id": "non_sensitive_action",
145
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
146
+ }
147
+ ]
148
+ },
149
+ {
150
+ "id": "oauth_misconfiguration",
151
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
152
+ },
153
+ {
154
+ "id": "captcha_bypass",
155
+ "children": [
156
+ {
157
+ "id": "implementation_vulnerability",
158
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
159
+ },
160
+ {
161
+ "id": "brute_force",
162
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
163
+ }
164
+ ]
165
+ },
166
+ {
167
+ "id": "exposed_admin_portal",
168
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
169
+ },
170
+ {
171
+ "id": "missing_dnssec",
172
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
173
+ },
174
+ {
175
+ "id": "fingerprinting_banner_disclosure",
176
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
177
+ },
178
+ {
179
+ "id": "username_enumeration",
180
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
181
+ },
182
+ {
183
+ "id": "potentially_unsafe_http_method_enabled",
184
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
185
+ },
186
+ {
187
+ "id": "insecure_ssl",
188
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
189
+ },
190
+ {
191
+ "id": "rfd",
192
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
193
+ },
194
+ {
195
+ "id": "lack_of_security_headers",
196
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
197
+ "children": [
198
+ {
199
+ "id": "cache_control_for_a_sensitive_page",
200
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
201
+ }
202
+ ]
203
+ },
204
+ {
205
+ "id": "bitsquatting",
206
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
207
+ }
208
+ ]
209
+ },
210
+ {
211
+ "id": "server_side_injection",
212
+ "children": [
213
+ {
214
+ "id": "file_inclusion",
215
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
216
+ },
217
+ {
218
+ "id": "parameter_pollution",
219
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
220
+ },
221
+ {
222
+ "id": "remote_code_execution_rce",
223
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
224
+ },
225
+ {
226
+ "id": "sql_injection",
227
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
228
+ },
229
+ {
230
+ "id": "xml_external_entity_injection_xxe",
231
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
232
+ },
233
+ {
234
+ "id": "http_response_manipulation",
235
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
236
+ },
237
+ {
238
+ "id": "content_spoofing",
239
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N",
240
+ "children": [
241
+ {
242
+ "id": "iframe_injection",
243
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
244
+ },
245
+ {
246
+ "id": "external_authentication_injection",
247
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
248
+ },
249
+ {
250
+ "id": "email_html_injection",
251
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
252
+ }
253
+ ]
254
+ }
255
+ ]
256
+ },
257
+ {
258
+ "id": "broken_authentication_and_session_management",
259
+ "children": [
260
+ {
261
+ "id": "authentication_bypass",
262
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
263
+ },
264
+ {
265
+ "id": "privilege_escalation",
266
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
267
+ },
268
+ {
269
+ "id": "weak_login_function",
270
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
271
+ },
272
+ {
273
+ "id": "session_fixation",
274
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
275
+ },
276
+ {
277
+ "id": "failure_to_invalidate_session",
278
+ "children": [
279
+ {
280
+ "id": "on_logout",
281
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
282
+ },
283
+ {
284
+ "id": "on_password_reset",
285
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
286
+ },
287
+ {
288
+ "id": "on_password_change",
289
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
290
+ },
291
+ {
292
+ "id": "all_sessions",
293
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
294
+ },
295
+ {
296
+ "id": "on_email_change",
297
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
298
+ },
299
+ {
300
+ "id": "long_timeout",
301
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
302
+ }
303
+ ]
304
+ },
305
+ {
306
+ "id": "concurrent_logins",
307
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
308
+ },
309
+ {
310
+ "id": "weak_registration_implementation",
311
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
312
+ }
313
+ ]
314
+ },
315
+ {
316
+ "id": "sensitive_data_exposure",
317
+ "children": [
318
+ {
319
+ "id": "critically_sensitive_data",
320
+ "children": [
321
+ {
322
+ "id": "password_disclosure",
323
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
324
+ },
325
+ {
326
+ "id": "private_api_keys",
327
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
328
+ }
329
+ ]
330
+ },
331
+ {
332
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
333
+ "children": [
334
+ {
335
+ "id": "automatic_user_enumeration",
336
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
337
+ },
338
+ {
339
+ "id": "manual_user_enumeration",
340
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
341
+ }
342
+ ]
343
+ },
344
+ {
345
+ "id": "visible_detailed_error_page",
346
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
347
+ "children": [
348
+ {
349
+ "id": "detailed_server_configuration",
350
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
351
+ }
352
+ ]
353
+ },
354
+ {
355
+ "id": "disclosure_of_known_public_information",
356
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
357
+ },
358
+ {
359
+ "id": "token_leakage_via_referer",
360
+ "children": [
361
+ {
362
+ "id": "trusted_3rd_party",
363
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
364
+ },
365
+ {
366
+ "id": "untrusted_3rd_party",
367
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
368
+ },
369
+ {
370
+ "id": "over_http",
371
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
372
+ }
373
+ ]
374
+ },
375
+ {
376
+ "id": "sensitive_token_in_url",
377
+ "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
378
+ },
379
+ {
380
+ "id": "non_sensitive_token_in_url",
381
+ "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
382
+ },
383
+ {
384
+ "id": "weak_password_reset_implementation",
385
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"
386
+ },
387
+ {
388
+ "id": "mixed_content",
389
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
390
+ },
391
+ {
392
+ "id": "sensitive_data_hardcoded",
393
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
394
+ },
395
+ {
396
+ "id": "internal_ip_disclosure",
397
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
398
+ },
399
+ {
400
+ "id": "xssi",
401
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
402
+ },
403
+ {
404
+ "id": "json_hijacking",
405
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
406
+ }
407
+ ]
408
+ },
409
+ {
410
+ "id": "cross_site_scripting_xss",
411
+ "children": [
412
+ {
413
+ "id": "stored",
414
+ "children": [
415
+ {
416
+ "id": "non_admin_to_anyone",
417
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
418
+ },
419
+ {
420
+ "id": "admin_to_anyone",
421
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
422
+ },
423
+ {
424
+ "id": "self",
425
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
426
+ }
427
+ ]
428
+ },
429
+ {
430
+ "id": "reflected",
431
+ "children": [
432
+ {
433
+ "id": "non_self",
434
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
435
+ },
436
+ {
437
+ "id": "self",
438
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
439
+ }
440
+ ]
441
+ },
442
+ {
443
+ "id": "cookie_based",
444
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
445
+ },
446
+ {
447
+ "id": "ie_only",
448
+ "children": [
449
+ {
450
+ "id": "older_version_ie_10_11",
451
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
452
+ },
453
+ {
454
+ "id": "xss_filter_disabled",
455
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
456
+ },
457
+ {
458
+ "id": "older_version_ie10",
459
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N"
460
+ }
461
+ ]
462
+ },
463
+ {
464
+ "id": "referer",
465
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
466
+ },
467
+ {
468
+ "id": "trace_method",
469
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
470
+ },
471
+ {
472
+ "id": "universal_uxss",
473
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
474
+ },
475
+ {
476
+ "id": "off_domain",
477
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
478
+ }
479
+ ]
480
+ },
481
+ {
482
+ "id": "broken_access_control",
483
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
484
+ "children": [
485
+ {
486
+ "id": "server_side_request_forgery_ssrf",
487
+ "children": [
488
+ {
489
+ "id": "internal",
490
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
491
+ },
492
+ {
493
+ "id": "external",
494
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
495
+ }
496
+ ]
497
+ },
498
+ {
499
+ "id": "username_enumeration",
500
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
501
+ }
502
+ ]
503
+ },
504
+ {
505
+ "id": "cross_site_request_forgery_csrf",
506
+ "children": [
507
+ {
508
+ "id": "application_wide",
509
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
510
+ },
511
+ {
512
+ "id": "action_specific",
513
+ "children": [
514
+ {
515
+ "id": "authenticated_action",
516
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
517
+ },
518
+ {
519
+ "id": "unauthenticated_action",
520
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
521
+ },
522
+ {
523
+ "id": "logout",
524
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
525
+ }
526
+ ]
527
+ }
528
+ ]
529
+ },
530
+ {
531
+ "id": "application_level_denial_of_service_dos",
532
+ "children": [
533
+ {
534
+ "id": "critical_impact_and_or_easy_difficulty",
535
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
536
+ },
537
+ {
538
+ "id": "high_impact_and_or_medium_difficulty",
539
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
540
+ },
541
+ {
542
+ "id": "app_crash",
543
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
544
+ }
545
+ ]
546
+ },
547
+ {
548
+ "id": "unvalidated_redirects_and_forwards",
549
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
550
+ "children": [
551
+ {
552
+ "id": "open_redirect",
553
+ "children": [
554
+ {
555
+ "id": "get_based",
556
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
557
+ }
558
+ ]
559
+ }
560
+ ]
561
+ },
562
+ {
563
+ "id": "external_behavior",
564
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
565
+ },
566
+ {
567
+ "id": "insufficient_security_configurability",
568
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
569
+ "children": [
570
+ {
571
+ "id": "no_password_policy",
572
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
573
+ },
574
+ {
575
+ "id": "weak_password_reset_implementation",
576
+ "children": [
577
+ {
578
+ "id": "token_is_not_invalidated_after_use",
579
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
580
+ }
581
+ ]
582
+ }
583
+ ]
584
+ },
585
+ {
586
+ "id": "using_components_with_known_vulnerabilities",
587
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
588
+ "children": [
589
+ {
590
+ "id": "rosetta_flash",
591
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
592
+ }
593
+ ]
594
+ },
595
+ {
596
+ "id": "insecure_data_storage",
597
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
598
+ "children": [
599
+ {
600
+ "id": "sensitive_application_data_stored_unencrypted",
601
+ "children": [
602
+ {
603
+ "id": "on_external_storage",
604
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
605
+ }
606
+ ]
607
+ },
608
+ {
609
+ "id": "server_side_credentials_storage",
610
+ "children": [
611
+ {
612
+ "id": "plaintext",
613
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N"
614
+ }
615
+ ]
616
+ }
617
+ ]
618
+ },
619
+ {
620
+ "id": "lack_of_binary_hardening",
621
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
622
+ },
623
+ {
624
+ "id": "insecure_data_transport",
625
+ "children": [
626
+ {
627
+ "id": "cleartext_transmission_of_sensitive_data",
628
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
629
+ },
630
+ {
631
+ "id": "executable_download",
632
+ "children": [
633
+ {
634
+ "id": "no_secure_integrity_check",
635
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
636
+ },
637
+ {
638
+ "id": "secure_integrity_check",
639
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
640
+ }
641
+ ]
642
+ }
643
+ ]
644
+ },
645
+ {
646
+ "id": "insecure_os_firmware",
647
+ "children": [
648
+ {
649
+ "id": "command_injection",
650
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
651
+ },
652
+ {
653
+ "id": "hardcoded_password",
654
+ "children": [
655
+ {
656
+ "id": "privileged_user",
657
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
658
+ },
659
+ {
660
+ "id": "non_privileged_user",
661
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
662
+ }
663
+ ]
664
+ }
665
+ ]
666
+ },
667
+ {
668
+ "id": "broken_cryptography",
669
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
670
+ },
671
+ {
672
+ "id": "privacy_concerns",
673
+ "children": [
674
+ {
675
+ "id": "unnecessary_data_collection",
676
+ "children": [
677
+ {
678
+ "id": "wifi_ssid_password",
679
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
680
+ }
681
+ ]
682
+ }
683
+ ]
684
+ },
685
+ {
686
+ "id": "network_security_misconfiguration",
687
+ "children": [
688
+ {
689
+ "id": "telnet_enabled",
690
+ "children": [
691
+ {
692
+ "id": "credentials_required",
693
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
694
+ }
695
+ ]
696
+ }
697
+ ]
698
+ },
699
+ {
700
+ "id": "mobile_security_misconfiguration",
701
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
702
+ },
703
+ {
704
+ "id": "client_side_injection",
705
+ "children": [
706
+ {
707
+ "id": "binary_planting",
708
+ "children": [
709
+ {
710
+ "id": "privilege_escalation",
711
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
712
+ },
713
+ {
714
+ "id": "no_privilege_escalation",
715
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
716
+ }
717
+ ]
718
+ }
719
+ ]
720
+ }
721
+ ]
722
+ }
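Review bot: The two scored `stored` XSS entries (`non_admin_to_anyone`, `admin_to_anyone`) use `S:U`, while `reflected` → `non_self`, `referer`, `universal_uxss` and `off_domain` in the same `cross_site_scripting_xss` subtree use `S:C`; the scope metric should be consistent across the category, so either these two move to `S:C` (with C/I re-checked, since `S:C/C:H/I:H` raises the score sharply) or the others are aligned to `S:U`. Separately, `metadata.default` is `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`, which scores 0.0; if consumers fall back to it for parents that carry no `cvss_v3` of their own (for example `unsafe_file_upload`) or for ids missing from this file, those findings would presumably be rated None rather than flagged as unrated, so a coverage check against the taxonomy is worth adding. The vectors also omit the `CVSS:3.0/` prefix, so anything that passes them to a standard CVSS parser has to prepend it.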