| HasMember |
 Category - a CWE entry that contains a set of other entries that share a common characteristic. |
16 |
Configuration
|
| HasMember |
 Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
20 |
Improper Input Validation
|
| HasMember |
 Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
32 |
Path Traversal: '...' (Triple Dot)
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
33 |
Path Traversal: '....' (Multiple Dot)
|
| HasMember |
 Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
73 |
External Control of File Name or Path
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
91 |
XML Injection (aka Blind XPath Injection)
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
99 |
Improper Control of Resource Identifiers ('Resource Injection')
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
103 |
Struts: Incomplete validate() Method Definition
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
114 |
Process Control
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
131 |
Incorrect Calculation of Buffer Size
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
159 |
Improper Handling of Invalid Use of Special Elements
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
170 |
Improper Null Termination
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
172 |
Encoding Error
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
192 |
Integer Coercion Error
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
194 |
Unexpected Sign Extension
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
200 |
Exposure of Sensitive Information to an Unauthorized Actor
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
202 |
Exposure of Sensitive Information Through Data Queries
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
208 |
Observable Timing Discrepancy
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
213 |
Exposure of Sensitive Information Due to Incompatible Policies
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
226 |
Sensitive Information in Resource Not Removed Before Reuse
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
228 |
Improper Handling of Syntactically Invalid Structure
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
234 |
Failure to Handle Missing Parameter
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
250 |
Execution with Unnecessary Privileges
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
257 |
Storing Passwords in a Recoverable Format
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
259 |
Use of Hard-coded Password
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
264 |
Permissions, Privileges, and Access Controls
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
267 |
Privilege Defined With Unsafe Actions
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
269 |
Improper Privilege Management
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
271 |
Privilege Dropping / Lowering Errors
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
272 |
Least Privilege Violation
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
274 |
Improper Handling of Insufficient Privileges
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
280 |
Improper Handling of Insufficient Permissions or Privileges
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
282 |
Improper Ownership Management
|
| HasMember |
 Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
284 |
Improper Access Control
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
286 |
Incorrect User Management
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
287 |
Improper Authentication
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
300 |
Channel Accessible by Non-Endpoint
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
301 |
Reflection Attack in an Authentication Protocol
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
319 |
Cleartext Transmission of Sensitive Information
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
320 |
Key Management Errors
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
321 |
Use of Hard-coded Cryptographic Key
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
327 |
Use of a Broken or Risky Cryptographic Algorithm
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
328 |
Use of Weak Hash
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
329 |
Generation of Predictable IV with CBC Mode
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
330 |
Use of Insufficiently Random Values
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
331 |
Insufficient Entropy
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
332 |
Insufficient Entropy in PRNG
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
333 |
Improper Handling of Insufficient Entropy in TRNG
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
334 |
Small Space of Random Values
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
335 |
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
336 |
Same Seed in Pseudo-Random Number Generator (PRNG)
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
337 |
Predictable Seed in Pseudo-Random Number Generator (PRNG)
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
338 |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
339 |
Small Seed Space in PRNG
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
340 |
Generation of Predictable Numbers or Identifiers
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
341 |
Predictable from Observable State
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
342 |
Predictable Exact Value from Previous Values
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
343 |
Predictable Value Range from Previous Values
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
345 |
Insufficient Verification of Data Authenticity
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
346 |
Origin Validation Error
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
350 |
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
359 |
Exposure of Private Personal Information to an Unauthorized Actor
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
362 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
372 |
Incomplete Internal State Distinction
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
385 |
Covert Timing Channel
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
387 |
Signal Errors
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
391 |
Unchecked Error Condition
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
400 |
Uncontrolled Resource Consumption
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
428 |
Unquoted Search Path or Element
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
441 |
Unintended Proxy or Intermediary ('Confused Deputy')
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
446 |
UI Discrepancy for Security Feature
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
451 |
User Interface (UI) Misrepresentation of Critical Information
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
453 |
Insecure Default Variable Initialization
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
466 |
Return of Pointer Value Outside of Expected Range
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
502 |
Deserialization of Untrusted Data
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
514 |
Covert Channel
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
515 |
Covert Storage Channel
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
538 |
Insertion of Sensitive Information into Externally-Accessible File or Directory
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
600 |
Uncaught Exception in Servlet
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
610 |
Externally Controlled Reference to a Resource in Another Sphere
|
| HasMember |
 View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
635 |
Weaknesses Originally Used by NVD from 2008 to 2016
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
640 |
Weak Password Recovery Mechanism for Forgotten Password
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
654 |
Reliance on a Single Factor in a Security Decision
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
655 |
Insufficient Psychological Acceptability
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
657 |
Violation of Secure Design Principles
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
662 |
Improper Synchronization
|
| HasMember |
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
664 |
Improper Control of a Resource Through its Lifetime
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
667 |
Improper Locking
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
670 |
Always-Incorrect Control Flow Implementation
|
| HasMember |
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
697 |
Incorrect Comparison
|
| HasMember |
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
707 |
Improper Neutralization
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
708 |
Incorrect Ownership Assignment
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
732 |
Incorrect Permission Assignment for Critical Resource
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
760 |
Use of a One-Way Hash with a Predictable Salt
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
761 |
Free of Pointer not at Start of Buffer
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
763 |
Release of Invalid Pointer or Reference
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
764 |
Multiple Locks of a Critical Resource
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
765 |
Multiple Unlocks of a Critical Resource
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
767 |
Access to Critical Private Variable via Public Method
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
772 |
Missing Release of Resource after Effective Lifetime
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
780 |
Use of RSA Algorithm without OAEP
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
784 |
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
785 |
Use of Path Manipulation Function without Maximum-sized Buffer
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
798 |
Use of Hard-coded Credentials
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
820 |
Missing Synchronization
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
821 |
Incorrect Synchronization
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
822 |
Untrusted Pointer Dereference
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
823 |
Use of Out-of-range Pointer Offset
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
824 |
Access of Uninitialized Pointer
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
825 |
Expired Pointer Dereference
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
915 |
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
917 |
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
922 |
Insecure Storage of Sensitive Information
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
924 |
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
925 |
Improper Verification of Intent by Broadcast Receiver
|
| HasMember |
View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
1003 |
Weaknesses for Simplified Mapping of Published Vulnerabilities
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1037 |
Processor Optimization Removal or Modification of Security-critical Code
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1188 |
Initialization of a Resource with an Insecure Default
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1204 |
Generation of Weak Initialization Vector (IV)
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1240 |
Use of a Cryptographic Primitive with a Risky Implementation
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1241 |
Use of Predictable Algorithm in Random Number Generator
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1253 |
Incorrect Selection of Fuse Values
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1254 |
Incorrect Comparison Logic Granularity
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1259 |
Improper Restriction of Security Token Assignment
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1260 |
Improper Handling of Overlap Between Protected Memory Ranges
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
1263 |
Improper Physical Access Control
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1264 |
Hardware Logic with Insecure De-Synchronization between Control and Data Channels
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1266 |
Improper Scrubbing of Sensitive Data from Decommissioned Device
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1268 |
Policy Privileges are not Assigned Consistently Between Control and Data Agents
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1271 |
Uninitialized Value on Reset for Registers Holding Security Settings
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1273 |
Device Unlock Credential Sharing
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1278 |
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1282 |
Assumed-Immutable Data is Stored in Writable Memory
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1283 |
Mutable Attestation or Measurement Reporting Data
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1284 |
Improper Validation of Specified Quantity in Input
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1285 |
Improper Validation of Specified Index, Position, or Offset in Input
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1286 |
Improper Validation of Syntactic Correctness of Input
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1287 |
Improper Validation of Specified Type of Input
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1288 |
Improper Validation of Consistency within Input
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1289 |
Improper Validation of Unsafe Equivalence in Input
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
1294 |
Insecure Security Identifier Mechanism
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1296 |
Incorrect Chaining or Granularity of Debug Components
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1297 |
Unprotected Confidential Information on Device is Accessible by OSAT Vendors
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1301 |
Insufficient or Incomplete Data Removal within Hardware Component
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1303 |
Non-Transparent Sharing of Microarchitectural Resources
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1316 |
Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1319 |
Improper Protection against Electromagnetic Fault Injection (EM-FI)
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1336 |
Improper Neutralization of Special Elements Used in a Template Engine
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1342 |
Information Exposure through Microarchitectural State after Transient Execution
|
| HasMember |
View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
1344 |
Weaknesses in OWASP Top Ten (2021)
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1345 |
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1346 |
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1347 |
OWASP Top Ten 2021 Category A03:2021 - Injection
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1348 |
OWASP Top Ten 2021 Category A04:2021 - Insecure Design
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1349 |
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1352 |
OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1353 |
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1354 |
OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1355 |
OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1356 |
OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
1357 |
Reliance on Insufficiently Trustworthy Component
|
| HasMember |
View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
1358 |
Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1359 |
ICS Communications
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1360 |
ICS Dependencies (& Architecture)
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1361 |
ICS Supply Chain
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1362 |
ICS Engineering (Constructions/Deployment)
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1363 |
ICS Operations (& Maintenance)
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1364 |
ICS Communications: Zone Boundary Failures
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1365 |
ICS Communications: Unreliability
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1366 |
ICS Communications: Frail Security in Protocols
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1367 |
ICS Dependencies (& Architecture): External Physical Systems
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1368 |
ICS Dependencies (& Architecture): External Digital Systems
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1369 |
ICS Supply Chain: IT/OT Convergence/Expansion
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1370 |
ICS Supply Chain: Common Mode Frailties
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1371 |
ICS Supply Chain: Poorly Documented or Undocumented Features
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1372 |
ICS Supply Chain: OT Counterfeit and Malicious Corruption
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1373 |
ICS Engineering (Construction/Deployment): Trust Model Problems
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1374 |
ICS Engineering (Construction/Deployment): Maker Breaker Blindness
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1375 |
ICS Engineering (Construction/Deployment): Gaps in Details/Data
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1376 |
ICS Engineering (Construction/Deployment): Security Gaps in Commissioning
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1377 |
ICS Engineering (Construction/Deployment): Inherent Predictability in Design
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1378 |
ICS Operations (& Maintenance): Gaps in obligations and training
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1379 |
ICS Operations (& Maintenance): Human factors in ICS environments
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1380 |
ICS Operations (& Maintenance): Post-analysis changes
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1381 |
ICS Operations (& Maintenance): Exploitable Standard Operational Procedures
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1382 |
ICS Operations (& Maintenance): Emerging Energy Technologies
|
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1383 |
ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1386 |
Insecure Operation on Windows Junction / Mount Point
|
| HasMember |
View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
1424 |
Weaknesses Addressed by ISA/IEC 62443 Requirements
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1426 |
Improper Validation of Generative AI Output
|
Objective
