Yes, the analyzer's reports are classified according to CWE.
Not all but many of them. It's not always easy to find a match between defect and CWE identifier (this concerns not only Java but C++\C# as well).
Only those users with full accounts are able to leave comments. Log in, please.