CWE - CWE-1348: CWE CATEGORY: OWASP Top Ten 2021 Category A04:2021 - Insecure Design (4.16)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><!--?xml version="1.0"?--> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" encoding="iso-8859-1"> <head> <base href="https://cwe.mitre.org/data/definitions/1348.html"> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="description" content="Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses."> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <link rel="shortcut icon" href="/favicon.ico"> <link href="/css/main.css?version=4.16.111924" rel="stylesheet" type="text/css"> <link href="/css/custom.css" rel="stylesheet" type="text/css"><!--[if IE]> <link rel="stylesheet" type="text/css" href="/css/ie.css?version=1.7" /> <![endif]--> <script src="/includes/custom_filter.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/jquery.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/cwe_minimizer.js?version=4.12.062923" language="JavaScript" type="text/javascript"></script> <script src="/includes/cookie.js?version=4.12.062923" language="Javascript" type="text/javascript"></script> <script src="/includes/includeglossarydef.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/custom.js" language="JavaScript" type="text/javascript"></script> <script src="https://cmp.osano.com/AzyhULTdPkqmy4aDN/318aa814-0420-45bb-857d-8fb5fac33ff8/osano.js"></script> <link href="/css/print.css?version=1.11" rel="stylesheet" media="print" type="text/css"> <link href="/css/mappingonly.css" rel="stylesheet" type="text/css"> <noscript> <style type="text/css"> #script { visibility:collapse; visibility:hidden; font-size:0px; height:0px; width:0px } #noscript { visibility:visible; font-size:inherit; height:inherit; width:inherit} </style> </noscript> <title>CWE - CWE-1348: CWE CATEGORY: OWASP Top Ten 2021 Category A04:2021 - Insecure Design (4.16) </title> <meta name="robots" content="none"> </head> <body onload="onloadCookie()"><a name="top" id="top"></a>
<div id="MastHead" style="width:100%"> <div style="width:60%;float:left;padding-top:15px;padding-left:10px;padding-bottom:2px;"><a href="https://cwe-mitre-org.translate.goog/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" style="color:#32498D; text-decoration:none"> <img src="/images/cwe_logo.jpg" width="153" height="55" style="float:left;border:0;margin-right:6px" alt="CWE"> <h1 style="color:#314a8d;font-size:1.5em;font-family:'Verdana',sans-serif;#eee;margin: .1em auto">Common Weakness Enumeration</h1><p style="color:#314a8d;font-family:'Times New Roman';font-style:italic;font-size:1em;#eee;margin:.1em auto 0 auto">A community-developed list of SW & HW weaknesses that can become vulnerabilities</p></a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:8px;padding-right:4px;padding-bottom:0px;"> <a href="https://cwe-mitre-org.translate.goog/about/new_to_cwe.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="New to CWE click here logo"><img src="/images/new_to_cwe/new_to_cwe_click_here.png" height="90" border="0" alt="New to CWE? click here!" 
style="text-align:center"></a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"> <a href="https://cwe-mitre-org.translate.goog/scoring/lists/2021_CWE_MIHW.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="CWE Most Important Hardware Weaknesses"> <img src="/images/mihw_logo.svg" width="90" border="0" alt="CWE Most Important Hardware Weaknesses" style="vertical-align:bottom"></a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"> <a href="https://cwe-mitre-org.translate.goog/top25/?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="CWE Top 25"><img src="/images/cwe_top_25_logo_simple.svg" width="90" border="0" alt="CWE Top 25 Most Dangerous Weaknesses" style="vertical-align:bottom"></a> </div> </div><!--End Masthead div--> <div class="yesprint"> <hr width="100%" size="1" style="clear:both" color="#000000"> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0" id="MainPane"> <tbody> <tr><!-- begin left side menu --> <td valign="top" rowspan="2" id="LeftPane"><!--include virtual="/includes/leftsidemenu.html" Removed 11212016--> <script type="text/javascript">browserheight();</script></td><!-- end left side menu --> <td style="height:1px"></td><!-- begin right column --> <td valign="top" align="center" rowspan="2" nowrap id="RightPane"></td><!-- end right side menu --> </tr> <tr><!-- begin content pane --> <td valign="top" width="100%" id="Contentpane"><!--Glossary tags--> <div id="styled_popup" name="styled_popup" style="display:none; position:fixed; top:300; height:auto; width:300px; z-index:1000"> <table width="300" 
cellpadding="0" cellspacing="0" border="0" style="border:1px solid #32498D;"> <tbody> <tr style="background-color:#32498D; color:#ffffff;"> <td width="100%" style="padding:1px 5px 1px 5px; border-bottom:1px solid #000000"> <div width="100%" style="font-weight:bold;"> CWE Glossary Definition </div></td> <td nowrap style="padding:1px; border-bottom:1px solid #000000" valign="top"><a href="javascript:styledPopupClose();"><img src="/images/layout/close.gif" border="0" alt="x"></a></td> </tr> <tr> <td colspan="2" style="background: url(/images/layout/ylgradient.jpg); background-repeat: repeat-x repeat-y; padding:5px; background-color:#FFFFCC; " valign="top"> <div id="output" style="max-height:400px; overflow-y:auto"></div></td> </tr> </tbody> </table> </div><script src="/includes/nav.js" language="JavaScript" type="text/javascript"></script> <noscript> <style>div.collapseblock { display:inline} </style> </noscript><!-- Start main content --> <!-- Copyright (c) 2006-2024, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. 
--> <a xmlns:xhtml="http://www.w3.org/1999/xhtml" name="1348"></a> <div style="overflow:auto;"> <h2 style="display:inline; margin:0px 0px 2px 0px; vertical-align: text-bottom">CWE CATEGORY: OWASP Top Ten 2021 Category A04:2021 - Insecure Design</h2> <div style="text-align:right; margin:5px 0px 0px 5px; padding-bottom:1px; white-space:nowrap;"></div> </div> <div xmlns:xhtml="http://www.w3.org/1999/xhtml" id="CWEDefinition" class="Category"> <div class="title"> <div class="status"> <table cellpadding="0" cellspacing="0" border="0" width="100%"> <tbody> <tr> <td valign="top" align="left" width="33%" nowrap> <div style="font-weight:bold"> Category ID: 1348 </div><span> <span style="font-weight:bold"> <a href="https://cwe-mitre-org.translate.goog/data/definitions/1348.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Vulnerability_Mapping_Notes_1348">Vulnerability Mapping</a>:<span class="tool"> <span style="color:#FF0000">PROHIBITED</span> <span class="tip">This CWE ID must not be used to map to real-world vulnerabilities</span> </span> </span> <br></span></td> </tr> </tbody> </table> </div> </div> <div id="Summary"> <div class="heading" id="Summary_1348"> <span><a href="javascript:toggleblocksOC('1348_Summary');"><img id="ocimg_1348_Summary" src="/images/head_more.gif" border="0" alt="+"></a> </span>Summary </div> <div name="oc_1348_Summary" id="oc_1348_Summary" class="expandblock"> <div class="detail"> <div class="indent"> Weaknesses in this category are related to the A04 "Insecure Design" category in the OWASP Top Ten 2021. 
</div> </div> </div> </div> <div id="Membership"> <div class="heading" id="Membership_1348"> <span><a href="javascript:toggleblocksOC('1348_Membership');"><img id="ocimg_1348_Membership" src="/images/head_more.gif" border="0" alt="+"></a> </span>Membership </div> <div name="oc_1348_Membership" id="oc_1348_Membership" class="expandblock"> <div class=""> <div class="indent"> <div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail" style="padding-top:10px"> <table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"> <tbody> <tr> <th valign="top" width="110px">Nature</th> <th valign="top" width="40px">Type</th> <th valign="top" width="50px">ID</th> <th valign="top">Name</th> </tr> </tbody> <tbody> <tr class="primary View"> <td valign="top">MemberOf</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/view.gif" alt="View" class="icon"><span class="tip">View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).</span></span></td> <td valign="top">1344</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/1344.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Weaknesses in OWASP Top Ten (2021)</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">73</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/73.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">External Control of File Name or Path</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">183</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/183.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Permissive List of Allowed Inputs</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">209</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/209.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Generation of Error Message Containing Sensitive Information</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">213</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/213.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Exposure of Sensitive Information Due to Incompatible Policies</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">235</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/235.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Handling of Extra Parameters</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">256</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/256.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Plaintext Storage of a Password</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">257</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/257.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Storing Passwords in a Recoverable Format</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">266</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/266.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Incorrect Privilege Assignment</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">269</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/269.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Privilege Management</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">280</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/280.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Handling of Insufficient Permissions or Privileges </a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">311</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/311.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Missing Encryption of Sensitive Data</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">312</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/312.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Cleartext Storage of Sensitive Information</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">313</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/313.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Cleartext Storage in a File or on Disk</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">316</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/316.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Cleartext Storage of Sensitive Information in Memory</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">419</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/419.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Unprotected Primary Channel</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">430</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/430.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Deployment of Wrong Handler</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">434</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/434.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Unrestricted Upload of File with Dangerous Type</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">444</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/444.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">451</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/451.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">User Interface (UI) Misrepresentation of Critical Information</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">472</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/472.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">External Control of Assumed-Immutable Web Parameter</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">501</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/501.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Trust Boundary Violation</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">522</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/522.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Insufficiently Protected Credentials</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">525</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/525.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Use of Web Browser Cache Containing Sensitive Information</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">539</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/539.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Use of Persistent Cookies Containing Sensitive Information</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">579</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/579.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">J2EE Bad Practices: Non-serializable Object Stored in Session</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">598</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/598.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Use of GET Request Method With Sensitive Query Strings</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">602</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/602.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Client-Side Enforcement of Server-Side Security</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">642</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/642.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">External Control of Critical State Data</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">646</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/646.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Reliance on File Name or Extension of Externally-Supplied File</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">650</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/650.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Trusting HTTP Permission Methods on the Server Side</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">653</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/653.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Isolation or Compartmentalization</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">656</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/656.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Reliance on Security Through Obscurity</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">657</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/657.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Violation of Secure Design Principles</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td> <td valign="top">799</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/799.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Control of Interaction Frequency</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">807</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/807.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Reliance on Untrusted Inputs in a Security Decision</a></td> </tr> <tr class="primary Category"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td> <td valign="top">840</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/840.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Business Logic Errors</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">841</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/841.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Enforcement of Behavioral Workflow</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"><span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">927</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/927.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Use of Implicit Intent for Sensitive Communication</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">1021</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/1021.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Restriction of Rendered UI Layers or Frames</a></td> </tr> <tr class="primary Weakness"> <td valign="top">HasMember</td> <td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td> <td valign="top">1173</td> <td valign="top"><a href="https://cwe-mitre-org.translate.goog/data/definitions/1173.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer">Improper Use of Validation Framework</a></td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="Vulnerability_Mapping_Notes"> <div class="heading" id="Vulnerability_Mapping_Notes_1348"> <span><a href="javascript:toggleblocksOC('1348_Vulnerability_Mapping_Notes');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1348_Vulnerability_Mapping_Notes" src="/images/head_more.gif" border="0" alt="+"></a> </span>Vulnerability Mapping Notes </div> <div name="oc_1348_Vulnerability_Mapping_Notes" id="oc_1348_Vulnerability_Mapping_Notes" class="expandblock"> <div class="detail"> <div class="indent"> <div id="Grouped"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tbody> <tr> <td><p class="subheading" style="display:inline-block;">Usage: 
<span style="color:#FF0000"> PROHIBITED </span></p> <div style="font-size:90%; font-style:italic; padding:5px;display:inline-block;"> (this CWE ID must not be used to map to real-world vulnerabilities) </div></td> </tr> <tr> <td valign="top" width="100%"><p><span class="suboptheading">Reason: </span> Category</p></td> </tr> <tr> <td><p class="suboptheading">Rationale:</p> This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.</td> </tr> <tr> <td><p class="suboptheading">Comments:</p>See member weaknesses of this category.</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="Notes"> <div class="heading" id="Notes_1348"> <span><a href="javascript:toggleblocksOC('1348_Notes');"><img id="ocimg_1348_Notes" src="/images/head_more.gif" border="0" alt="+"></a> </span>Notes </div> <div name="oc_1348_Notes" id="oc_1348_Notes" class="expandblock"> <div class="detail"> <div class="indent"> <div class="Maintenance_Note"> <p class="subheading">Maintenance</p> <div class="indent"> As of CWE 4.6, the relationships in this category were pulled directly from the CWE mappings cited in the 2021 OWASP Top Ten. These mappings include categories, which are discouraged for mapping, as well as high-level weaknesses such as Pillars. The CWE Program will work with OWASP to improve these mappings, possibly requiring modifications to CWE itself. 
</div> </div> </div> </div> </div> </div> <div id="References"> <div class="heading" id="References_1348"> <span><a href="javascript:toggleblocksOC('1348_References');"><img id="ocimg_1348_References" src="/images/head_more.gif" border="0" alt="+"></a> </span>References </div> <div name="oc_1348_References" id="oc_1348_References" class="expandblock"> <div class="detail"> <div class="indent"> <div id="Grouped"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tbody> <tr> <td valign="top"> <div id="REF-1210_1348"> [REF-1210] "A04:2021 - Insecure Design". OWASP. 2021-09-24. &lt;<a href="https://owasp.org/Top10/A04_2021-Insecure_Design/" target="_blank" rel="noopener noreferrer">https://owasp.org/Top10/A04_2021-Insecure_Design/</a>&gt;. </div></td> </tr> <tr> <td valign="top"> <div id="REF-1206_1348"> [REF-1206] "OWASP Top 10:2021". OWASP. 2021-09-24. &lt;<a href="https://owasp.org/Top10/" target="_blank" rel="noopener noreferrer">https://owasp.org/Top10/</a>&gt;. 
</div></td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="Content_History"> <div class="heading" id="Content_History_1348"> <span><a href="javascript:toggleblocksOC('1348_Content_History');"><img id="ocimg_1348_Content_History" src="/images/head_more.gif" border="0" alt="+"></a> </span>Content History </div> <div name="oc_1348_Content_History" id="oc_1348_Content_History" class="expandblock"> <div class="tabledetail"> <div class="indent"> <div style="margin-top: 10px"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <thead class="Submissions"> <tr> <th valign="top" colspan="3" class="title"><span><a href="javascript:toggleblocksOC('1348_Submissions');"><img id="ocimg_1348_Submissions" src="/images/head_more.gif" border="0" alt="+"></a> </span>Submissions</th> </tr> </thead> <tbody id="oc_1348_Submissions" class="expandblock"> <tr> <th valign="top" style="width:200px;">Submission Date</th> <th valign="top" nowrap>Submitter</th> <th valign="top" nowrap>Organization</th> </tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2021-10-05 <br><span class="smaller" style="font-style:italic">(CWE 4.6, 2021-10-28)</span></td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> </tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee"></td> </tr> </tbody> <thead class="Modifications"> <tr> <th valign="top" colspan="3" class="title"><span><a href="javascript:toggleblocksOC('1348_Modifications');"><img id="ocimg_1348_Modifications" src="/images/head_less.gif" border="0" alt="+"></a> </span>Modifications</th> </tr> </thead> <tbody id="oc_1348_Modifications" class="collapseblock"> <tr> <th valign="top">Modification Date</th> <th valign="top" nowrap>Modifier</th> <th valign="top" nowrap>Organization</th> 
</tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2022-10-13</td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> </tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated References</td> </tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2023-04-27</td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> </tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Mapping_Notes</td> </tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2023-06-29</td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> </tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Mapping_Notes</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> </div><!-- End main content --> <div id="More_Message_Custom" style="display:none;"> <div style="padding:15px 0px 0px 0px;color:#ff0000;font-size:95%;font-weight:bold;text-align:center;"> More information is available — Please edit the custom filter or select a different filter. 
</div> </div></td><!-- end content pane --> </tr> </tbody> </table> <div id="FootPane" class="noprint"> <div id="footbar"><b>Page Last Updated: </b> November 19, 2024 </div> </div> </body> </html>