VB.NET
This article covers VB.NET support and vulnerability detection for Mend SAST.
Mend SAST-supported VB.NET file types
**Note: These extensions are marked as ‘Secondary’ file extensions.
They will only be scanned if at least one file with any of the other ‘Primary’ file extensions is present to identify the language as the relevant language.
File Type |
|---|
.aspx** |
.bas** |
.vb |
.vbp** |
.vbproj** |
Mend SAST-supported VB.NET frameworks
Framework |
|---|
N/A |
Mend SAST-supported VB.NET vulnerability types
The VB.NET vulnerability types detected by SAST are provided below, organized by CWE ID within each of their identified severities.
VB.NET high-severity vulnerability types
CWE | Vulnerability Type |
CWE-22 | Path/Directory Traversal |
CWE-73 | File Manipulation |
CWE-78 | Command Injection |
CWE-79 | Cross-Site Scripting |
CWE-89 | SQL Injection |
CWE-94 | Code Injection |
CWE-94 | Server Pages Execution |
CWE-502 | Deserialization of Untrusted Data |
CWE-643 | XPath Injection |
CWE-918 | Server-Side Request Forgery |
VB.NET medium-severity vulnerability types
CWE | Vulnerability Type |
CWE-90 | LDAP Injection |
CWE-209 | Error Messages Information Exposure |
CWE-209 | Console Output |
CWE-244 | Heap Inspection |
CWE-338 | Weak Pseudo-Random |
CWE-400 | Sleep Denial of Service |
CWE-400 | Regex Denial of Service (ReDoS) |
CWE-472 | Hidden HTML Input |
CWE-501 | Trust Boundary Violation |
CWE-611 | XML External Entity (XXE) Injection |
CWE-676 | Miscellaneous Dangerous Functions |
CWE-798 | Hardcoded Password/Credentials |
VB.NET low-severity vulnerability types
CWE | Vulnerability Type |
CWE-20 | Mail Relay |
CWE-20 | Cookie Injection |
CWE-20 | Session Poisoning |
CWE-113 | HTTP Response Splitting |
CWE-113 | HTTP Header Injection |
CWE-117 | Log Forging |
CWE-326 | Weak Encryption Strength |
CWE-434 | File Upload |
CWE-530 | Dangerous File Extensions |
CWE-601 | Unvalidated/Open Redirect |
CWE-916 | Weak Hash Strength |
CWE-941 | Arbitrary Server Connection |
CWE-1004 | Cookie Without 'HttpOnly' Flag |