OWASP-Benchmark · AkashSahai · Mar 24, 2026 · Mar 24, 2026 · Mar 27, 2026 · Mar 31, 2026
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanIASTReader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanIASTReader.java
@@ -75,8 +75,13 @@ private void createVulnerabilitiesMap() {
         vulnerabilityToCweNumber.put("attFileUploadXXE", CweNumber.XXE);
         vulnerabilityToCweNumber.put("attCrossSiteRequestForgery", CweNumber.CSRF);
         vulnerabilityToCweNumber.put("passParamGET", CweNumber.UNPROTECTED_CREDENTIALS_TRANSPORT);
-        vulnerabilityToCweNumber.put("attJavaDeserCodeExec", CweNumber.COMMAND_INJECTION);
+        vulnerabilityToCweNumber.put("attJavaDeserCodeExec", CweNumber.INSECURE_DESERIALIZATION);
+        vulnerabilityToCweNumber.put("DeserializationOfUntrustedData", CweNumber.INSECURE_DESERIALIZATION);
         vulnerabilityToCweNumber.put("GV_JSONXSS", CweNumber.XSS);
+        vulnerabilityToCweNumber.put("attRedirectInURL", CweNumber.OPEN_REDIRECT);
+        vulnerabilityToCweNumber.put("attReferrerPolicyHeaderExist", CweNumber.DONTCARE);
+        vulnerabilityToCweNumber.put("DetectedAPIs", CweNumber.DONTCARE);
+        vulnerabilityToCweNumber.put("attBlindCodeInjection", 94);
     }
 
     @Override