CWE - CWE Glossary

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <base href="https://cwe.mitre.org/documents/glossary/index.html"> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="description" content="Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses."> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <link rel="shortcut icon" href="/favicon.ico"> <link href="/css/main.css?version=4.16.111924" rel="stylesheet" type="text/css"> <link href="/css/custom.css" rel="stylesheet" type="text/css"> <script src="/includes/custom_filter.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/jquery.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/cwe_minimizer.js?version=4.12.062923" language="JavaScript" type="text/javascript"></script> <script src="/includes/cookie.js?version=4.12.062923" language="Javascript" type="text/javascript"></script> <script src="/includes/includeglossarydef.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/custom.js" language="JavaScript" type="text/javascript"></script> <script src="https://cmp.osano.com/AzyhULTdPkqmy4aDN/318aa814-0420-45bb-857d-8fb5fac33ff8/osano.js"></script> <link href="/css/print.css?version=1.11" rel="stylesheet" media="print" type="text/css"> <link href="/css/mappingonly.css" rel="stylesheet" type="text/css"> <noscript> <style type="text/css"> #script { visibility:collapse; visibility:hidden; font-size:0px; height:0px; width:0px } #noscript { visibility:visible; font-size:inherit; height:inherit; width:inherit} </style> </noscript> <title>CWE - CWE Glossary </title> <meta http-equiv="X-Translated-By" content="Google"> <meta http-equiv="X-Translated-To" content="lv"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.omlEigW4xY8.O/am=DgY/d=1/rs=AN8SPfpjsL9kUWY0h-sp7Ilu7hZWGwEmeg/m=corsproxy" data-sourceurl="https://cwe.mitre.org/documents/glossary/index.html"></script> <link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200" rel="stylesheet"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.omlEigW4xY8.O/am=DgY/d=1/exm=corsproxy/ed=1/rs=AN8SPfpjsL9kUWY0h-sp7Ilu7hZWGwEmeg/m=phishing_protection" data-phishing-protection-enabled="false" data-forms-warning-enabled="true" data-source-url="https://cwe.mitre.org/documents/glossary/index.html"></script> <meta name="robots" content="none"> </head> <body onload="onloadCookie()"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.omlEigW4xY8.O/am=DgY/d=1/exm=corsproxy,phishing_protection/ed=1/rs=AN8SPfpjsL9kUWY0h-sp7Ilu7hZWGwEmeg/m=navigationui" data-environment="prod" data-proxy-url="https://cwe-mitre-org.translate.goog" data-proxy-full-url="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" data-source-url="https://cwe.mitre.org/documents/glossary/index.html" data-source-language="pl" data-target-language="lv" data-display-language="en-GB" data-detected-source-language="" data-is-source-untranslated="false" data-source-untranslated-url="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://cwe.mitre.org/documents/glossary/index.html&anno=2" data-client="tr"></script><a name="top" id="top"></a> <div id="MastHead" style="width:100%"> <div style="width:60%;float:left;padding-top:15px;padding-left:10px;padding-bottom:2px;"><a href="https://cwe-mitre-org.translate.goog/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" style="color:#32498D; text-decoration:none"> <img src="/images/cwe_logo.jpg" width="153" height="55" style="float:left;border:0;margin-right:6px" alt="CWE"> <h1 style="color:#314a8d;font-size:1.5em;font-family:'Verdana',sans-serif;#eee;margin: .1em auto">Common Weakness Enumeration</h1><p style="color:#314a8d;font-family:'Times New Roman';font-style:italic;font-size:1em;#eee;margin:.1em auto 0 auto">A community-developed list of SW & HW weaknesses that can become vulnerabilities</p></a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:8px;padding-right:4px;padding-bottom:0px;"> <a href="https://cwe-mitre-org.translate.goog/about/new_to_cwe.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="New to CWE click here logo"><img src="/images/new_to_cwe/new_to_cwe_click_here.png" height="90" border="0" alt="New to CWE? click here!" style="text-align:center"></a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"> <a href="https://cwe-mitre-org.translate.goog/scoring/lists/2021_CWE_MIHW.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="CWE Most Important Hardware Weaknesses"> <img src="/images/mihw_logo.svg" width="90" border="0" alt="CWE Most Important Hardware Weaknesses" style="vertical-align:bottom"></a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"> <a href="https://cwe-mitre-org.translate.goog/top25/?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="CWE Top 25"><img src="/images/cwe_top_25_logo_simple.svg" width="90" border="0" alt="CWE Top 25 Most Dangerous Weaknesses" style="vertical-align:bottom"></a> </div> </div> <div id="HeaderBar" class="noprint"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td width="100%" align="left" style="padding-left:10px; font-size:75%;"><a href="https://cwe-mitre-org.translate.goog/?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Home</a> > <a href="https://cwe-mitre-org.translate.goog/documents/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Documents</a> > CWE Glossary  </td> <td align="right" nowrap style="padding-right:12px"> <div class="noprint"> <form action="/cgi-bin/jumpmenu.cgi" align="right" style="padding:0px; margin:0px"> ID <label for="id" style="padding-right:5px">Lookup:</label> <input id="id" name="id" type="text" style="width:50px; font-size:80%" maxlength="10"> <input value="Go" style="padding: 0px; font-size:80%" type="submit"> </form> </div></td> </tr> </tbody> </table> </div> <div class="yesprint"> <hr width="100%" size="1" style="clear:both" color="#000000"> </div> <div class="topnav"> <ul> <li><a href="https://cwe-mitre-org.translate.goog/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Home</a></li> <li> <div class="dropdown"><a href="https://cwe-mitre-org.translate.goog/about/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><button class="dropbtn">About</button> ▼</a> <div class="dropdown-content"><a href="https://cwe-mitre-org.translate.goog/about/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">About</a> <a href="https://cwe-mitre-org.translate.goog/about/new_to_cwe.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">New to CWE</a> <a href="https://cwe-mitre-org.translate.goog/about/user_stories.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">User Stories</a> <a href="https://cwe-mitre-org.translate.goog/about/cwe_videos.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Videos</a> <a href="https://cwe-mitre-org.translate.goog/about/history.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">History</a> <a href="https://cwe-mitre-org.translate.goog/about/documents.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Documents</a> <a href="https://cwe-mitre-org.translate.goog/about/faq.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">FAQs</a> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Glossary</a> </div> </div></li> <li> <div class="dropdown"><a href="https://cwe-mitre-org.translate.goog/data/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><button class="dropbtn">CWE List</button> ▼</a> <div class="dropdown-content"><a href="https://cwe-mitre-org.translate.goog/data/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Latest Version</a> <a href="https://cwe-mitre-org.translate.goog/data/downloads.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Downloads</a> <a href="https://cwe-mitre-org.translate.goog/data/reports.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Reports</a> <a href="https://cwe-mitre-org.translate.goog/data/pdfs.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Visualizations</a> <a href="https://cwe-mitre-org.translate.goog/data/archive.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Archive</a> </div> </div></li> <li> <div class="dropdown"><a href="https://cwe-mitre-org.translate.goog/documents/cwe_usage/guidance.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><button class="dropbtn">Mapping</button> ▼</a> <div class="dropdown-content"><a href="https://cwe-mitre-org.translate.goog/documents/cwe_usage/guidance.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Root Cause Mapping Guidance</a> <a href="https://cwe-mitre-org.translate.goog/documents/cwe_usage/quick_tips.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Root Cause Mapping Quick Tips</a> <a href="https://cwe-mitre-org.translate.goog/documents/cwe_usage/mapping_examples.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Root Cause Mapping Examples</a> </div> </div></li> <li> <div class="dropdown"><a href="https://cwe-mitre-org.translate.goog/scoring/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top_n_lists"><button class="dropbtn">Top-N Lists</button> ▼</a> <div class="dropdown-content"><a href="https://cwe-mitre-org.translate.goog/top25/?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Top 25 Software</a> <a href="https://cwe-mitre-org.translate.goog/scoring/lists/2021_CWE_MIHW.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Top Hardware</a> <a href="https://cwe-mitre-org.translate.goog/top25/archive/2023/2023_kev_list.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Top 10 KEV Weaknesses</a> </div> </div></li> <li> <div class="dropdown"><a href="https://cwe-mitre-org.translate.goog/community/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><button class="dropbtn">Community</button> ▼</a> <div class="dropdown-content"><a href="https://cwe-mitre-org.translate.goog/community/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Community</a> <a href="https://cwe-mitre-org.translate.goog/community/working_groups.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Working Groups & Special Interest Groups</a> <a href="https://cwe-mitre-org.translate.goog/community/board.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Board</a> <a href="https://cwe-mitre-org.translate.goog/community/board.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#boardarchives">Board Meeting Minutes</a> <a href="https://cwe-mitre-org.translate.goog/community/registration.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">CWE Discussion List</a> <a target="_blank" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.mail-archive.com/cwe-research-list@mitre.org/">CWE Discussion Archives</a> <a href="https://cwe-mitre-org.translate.goog/community/submissions/overview.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Contribute Weakness Content to CWE</a> </div> </div></li> <li> <div class="dropdown"><a href="https://cwe-mitre-org.translate.goog/news/?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><button class="dropbtn">News</button> ▼</a> <div class="dropdown-content"><a href="https://cwe-mitre-org.translate.goog/news/?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Current News</a> <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://twitter.com/CweCapec" target="_blank" rel="noopener noreferrer">X-Twitter <img src="/images/x-logo-black.png" width="12" height="12" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="X-Twitter"></a> <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://mastodon.social/@CWE_Program" target="_blank" rel="noopener noreferrer">Mastodon <img src="/images/mastodon-logo.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="X (formerly Twitter)"></a> <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.linkedin.com/showcase/cve-cwe-capec" target="_blank" rel="noopener noreferrer">LinkedIn <img src="/images/linkedin_sm.jpg" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="LinkedIn"></a> <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA" target="_blank" rel="noopener noreferrer">YouTube <img src="/images/youtube.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="YouTube"></a> <a href="https://cwe-mitre-org.translate.goog/news/podcast.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Podcast <img src="/images/out_of_bounds_read_logo.png" width="16" height="16" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="Out of Bounds Read Podcast"></a> <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://medium.com/@CWE_CAPEC" target="_blank" rel="noopener noreferrer">Medium <img src="/images/medium_sm.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="Medium"></a> <a href="https://cwe-mitre-org.translate.goog/news/archives/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">News Archive</a> </div> </div></li> <li style="border-color:#aaaaaa"><a href="https://cwe-mitre-org.translate.goog/find/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Search</a></li> </ul> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0" id="MainPane"> <tbody> <tr> <td valign="top" rowspan="2" id="LeftPane"> <script type="text/javascript">browserheight();</script></td> <td style="height:1px"></td> <td valign="top" align="center" rowspan="2" nowrap id="RightPane"></td> </tr> <tr> <td valign="top" width="100%" id="Contentpane"> <div id="styled_popup" name="styled_popup" style="display:none; position:fixed; top:300; height:auto; width:300px; z-index:1000"> <table width="300" cellpadding="0" cellspacing="0" border="0" style="border:1px solid #32498D;"> <tbody> <tr style="background-color:#32498D; color:#ffffff;"> <td width="100%" style="padding:1px 5px 1px 5px; border-bottom:1px solid #000000"> <div width="100%" style="font-weight:bold;"> CWE Glossary Definition </div></td> <td nowrap style="padding:1px; border-bottom:1px solid #000000" valign="top"><a href="javascript:styledPopupClose();?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img src="/images/layout/close.gif" border="0" alt="x"></a></td> </tr> <tr> <td colspan="2" style="background: url(/images/layout/ylgradient.jpg); background-repeat: repeat-x repeat-y; padding:5px; background-color:#FFFFCC; " valign="top"> <div id="output" style="max-height:400px; overflow-y:auto"></div></td> </tr> </tbody> </table> </div><style type="text/css"> #TOC div {padding-left:20px; padding-bottom:2px; margin-bottom:2px; float:left; width:18em} #TOC {column-count:auto; -moz-column-count:auto; -webkit-column-count:auto; column-width: 18em; -moz-column-width: 18em; -webkit-column-width: 18em; column-gap:10px; -moz-column-gap:10px; -webkit-column-gap:10px; } </style> <div class="glossarypage"> <h2 class="header">About CWE</h2>   <div class="tablehead"> CWE Glossary </div> <div id="TOC"> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#AITM">AITM</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Activation Point">Activation Point</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Actor">Actor</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Adversary-in-the-Middle">Adversary-in-the-Middle</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Allowlist">Allowlist</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Attack Pattern">Attack Pattern</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Attacker">Attacker</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Authentication">Authentication</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Authorization">Authorization</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Base Weakness">Base Weakness</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Behavior">Behavior</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Business Logic">Business Logic</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#CRUD">CRUD</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Callable">Callable</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Canonicalization">Canonicalization</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Canonicalize">Canonicalize</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Category">Category</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Chain">Chain</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Check">Check</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Class Weakness">Class Weakness</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Cleanse">Cleanse</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Cleansing">Cleansing</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Cleartext">Cleartext</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Composite">Composite</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Compound Element">Compound Element</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Consequence">Consequence</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Control Element">Control Element</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Control Sphere">Control Sphere</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Crossover Point">Crossover Point</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Denylist">Denylist</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Enforce">Enforce</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Entry">Entry</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Equivalence">Equivalence</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Explicit Slice">Explicit Slice</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Filter">Filter</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Filtering">Filtering</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Graph">Graph</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Handle">Handle</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#ICTA">ICTA</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#IP">IP</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Implicit Slice">Implicit Slice</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Improper">Improper</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Incorrect">Incorrect</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Information Exposure">Information Exposure</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Insecure">Insecure</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Insufficient">Insufficient</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Interaction Point">Interaction Point</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Internal">Internal</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Invokable Element">Invokable Element</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Leading">Leading</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Loose Composite">Loose Composite</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#MAID">MAID</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Manipulation">Manipulation</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Method Control Element">Method Control Element</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Missing">Missing</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Named Chain">Named Chain</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Natural Hierarchy">Natural Hierarchy</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Neutralization">Neutralization</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Neutralize">Neutralize</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Node">Node</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Permissions">Permissions</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Pillar Weakness">Pillar Weakness</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Plaintext">Plaintext</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Platform Resource">Platform Resource</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Primary Weakness">Primary Weakness</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Property">Property</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Protection Mechanism">Protection Mechanism</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Reliance">Reliance</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Resolution">Resolution</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Resolve">Resolve</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Resource">Resource</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Resultant Weakness">Resultant Weakness</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#SDLC">SDLC</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Sanitization">Sanitization</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Sanitize">Sanitize</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Security Policy">Security Policy</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Slice">Slice</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Special Element">Special Element</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Sphere of Control">Sphere of Control</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Technology">Technology</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Technology-Specific">Technology-Specific</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Trailing">Trailing</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Trigger Point">Trigger Point</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Unexpected">Unexpected</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Variant Weakness">Variant Weakness</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#View">View</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Vulnerability">Vulnerability</a> </div> <div> <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Weakness">Weakness</a> </div> </div> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="AITM">AITM</a></h3> <p>Abbreviation for Adversary-in-the-Middle. Formerly MITM.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Activation Point">Activation Point</a></h3> <p>a vulnerability theory term for the location in code at an attacker's "payload" can be executed, i.e., when the attacker has caused the code to violate the intended security policy. For example, in SQL injection, the code reads an input from a parameter (interaction point), incorrectly checks the input for dangerous characters (crossover point), inserts the input into a dynamically generated query string, then sends the query string to the database server (trigger point), then the query is processed by the server (activation point). See the Vulnerability Theory paper for more details.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Actor">Actor</a></h3> <p>a vulnerability theory term that describes an entity that interacts with a product or with other entities, such as a User, Service, Monitor (e.g. IDS), Intermediary, and others.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Adversary-in-the-Middle">Adversary-in-the-Middle</a></h3> <p>an adversary who is able to eavesdrop, intercept, and/or possibly modify the communications between two parties by having access to an intermediary system through which communication must flow between the two parties, e.g. an router in between a client and server. Formerly Man-in-the-Middle / MITM.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Allowlist">Allowlist</a></h3> <p>a list or group of characters, strings, patterns, or other elements that is used to identify whether certain data should be allowed or accepted; treated as safe; included; or processed without modification.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Attack Pattern">Attack Pattern</a></h3> <p>The common approach and attributes related to the exploitation of a weakness in a software, firmware, hardware, or service component.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Attacker">Attacker</a></h3> <p>an actor who attempts to gain access to behaviors or resources that are outside of the product's intended control sphere for that actor.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Authentication">Authentication</a></h3> <p>the process of verifying that an actor has a specific real-world identity, typically by checking for information that the product assumes can only be produced by that actor. This is different than authorization, because authentication focuses on verifying the identity of the actor, not what resources the actor can access.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Authorization">Authorization</a></h3> <p>the process of determining whether an actor with a given identity is allowed to have access to a resource, then granting access to that resource, as defined by the implicit and explicit security policies for the system. This is different than authentication, because authorization focuses on whether a given actor can access a given resource, not in proving what the real-world identity of the actor is.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Base Weakness">Base Weakness</a></h3> <p>a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class Weakness. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. For example the base weakness "Use of Externally-Controlled Format String" (CWE-134) describes an issue (inappropriate action) with a behavior (Use of) taken against a specific resource (Format String) with a given property (Externally Controlled). Another example is "Improper Limitation of a Pathname to a Restricted Directory" (CWE-22) which describes an issue (Improper Limitation) with a behavior (control of a Pathname) taken against a resource (Directory) with a given property (Restricted).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Behavior">Behavior</a></h3> <p>an action that the product takes, typically as implemented in code or as represented by an algorithm. Could also refer to actions by other actors that are not the system.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Business Logic">Business Logic</a></h3> <p>Use of this term is discouraged in CWE. This term is generally used to describe issues that require domain-specific knowledge or "business rules" to determine if they are weaknesses or vulnerabilities, instead of legitimate behavior. Such issues might not be easily detectable via automatic code analysis, because the associated operations do not produce clear errors or undefined behavior at the code level.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="CRUD">CRUD</a></h3> <p>acronym for "Create, Read, Update, Delete," a model for persistent storage of data that is similar to the resource model in vulnerability theory.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Callable">Callable</a></h3> <p>(adapted from CISQ) also known as "Callable Element": an abstract term for a function, method, procedure, etc. that can be explicitly invoked by its name.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Canonicalization">Canonicalization</a></h3> <p>a behavior that converts or reduces an input/output to a single fixed form that cannot be converted or reduced any further. In cases in which the input/output is used as an identifier, canonicalization refers to the act of converting that identifier. For example, when the current working directory is "/users/cwe," the filename "../xyz" can be canonicalized to "/users/xyz."</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Canonicalize">Canonicalize</a></h3> <p>to perform Canonicalization.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Category">Category</a></h3> <p>a CWE entry that contains a set of other entries that share a common characteristic. A category is not a weakness, but rather a structural item that helps users find weaknesses that share the stated common characteristic.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Chain">Chain</a></h3> <p>a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. For example, in the named chain CWE-691, an integer overflow (CWE-190) can lead to a buffer overflow (CWE-120) if an integer overflow occurs while calculating the amount of memory to allocate. In this case, the integer overflow would be primary to the buffer overflow. Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Check">Check</a></h3> <p>in the vulnerability theory model of error handling, to examine a resource, its properties, or the system state to determine if they align with the expectations of the product.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Class Weakness">Class Weakness</a></h3> <p>a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. For example the class weakness "Uncontrolled Resource Consumption" (CWE-400) describes an issue (Uncontrolled) with a behavior (Consumption) associated with any type of resource. Another example is "Insecure Storage of Sensitive Information" (CWE-922) which describes an issue (Insecure) with a behavior (Storage) taken against a general type of resource (Sensitive Information).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Cleanse">Cleanse</a></h3> <p>Use of this term is discouraged in names and descriptions for CWE weaknesses, since it has too many different meanings in the industry and may cause mapping errors. It is not precise enough for CWE's purpose. This decision was made in CWE 1.9.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Cleansing">Cleansing</a></h3> <p>This term is discouraged for use in CWE.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Cleartext">Cleartext</a></h3> <p>Any information that is unencrypted, although it might be in an encoded form that is not easily human-readable, such as base64 encoding. Some people use the "plaintext" term to mean the same thing, but "plaintext" has a more precise meaning within cryptography.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Composite">Composite</a></h3> <p>a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. For example, Symlink Following (CWE-61) is only possible through a combination of several component weaknesses, including predictability (CWE-340), inadequate permissions (CWE-275), and race conditions (CWE-362). By eliminating any single component, a developer can prevent the composite from becoming exploitable. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability; for example, NUL byte interaction errors (CWE-626) can widen the scope of path traversal weaknesses (CWE-22), which often limit which files could be accessed due to idiosyncrasies in filename generation.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Compound Element">Compound Element</a></h3> <p>an Entry that closely associates two or more CWE entries. The CWE team's research has shown that vulnerabilities often can be described in terms of the interaction or co-occurrence of two or more weaknesses.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Consequence">Consequence</a></h3> <p>a fault - a behavior that is always incorrect if executed, i.e., conflicts with the intended security policy.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Control Element">Control Element</a></h3> <p>(adapted from CISQ) an abstract term for a function, method, procedure, etc.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Control Sphere">Control Sphere</a></h3> <p>a vulnerability theory term for a set of resources and behaviors that are accessible to a single actor, or a group of actors that all share the same security restrictions. This set can be empty. A product's security model will typically define multiple spheres, although this model might not be explicitly stated. For example, a server might define one sphere for "administrators" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be "users who are authenticated to the operating system on which the product is installed." Each sphere has different sets of actors and allowable behaviors. Vulnerabilities can arise when the boundaries of a control sphere are not properly enforced, or when a control sphere is defined in a way that allows more actors or resources than the developer or system operator intends. For example, an application might intend to allow guest users to access files that are only within a given directory, but a path traversal attack could allow access to files that are outside of that directory, which are thus outside of the intended sphere of control.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Crossover Point">Crossover Point</a></h3> <p>a vulnerability theory term for the location in code after which an expected property is violated. This is likely to lead to incorrect actions at a later point. For example, a programmer might use a regular expression to restrict an input string to contain only digits, such as for a telephone number. After applying the regular expression, the string is expected to have the property "only contains digits." If the regular expression is incorrectly specified (e.g., only testing for the presence of a digit anywhere in the string), then after its application, the code reaches a crossover point because the string does not necessarily have the property of "only contains digits." For example, in SQL injection, the code reads an input from a parameter (interaction point), incorrectly checks the input for dangerous characters (crossover point), inserts the input into a dynamically generated query string, then sends the query string to the database server (trigger point), then the query is processed by the server (activation point). See the Vulnerability Theory paper for more details.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Denylist">Denylist</a></h3> <p>a list or group of characters, strings, patterns, or other elements that is used to identify whether certain data should be denied or rejected; treated as dangerous; removed; or modified before being processed.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Enforce">Enforce</a></h3> <p>a general term, meaning to check or manipulate a resource so that it has a property that is required by the security policy. For example, the filtering of all non-alphanumeric characters from an input is one mechanism to enforce that "all characters are alphanumeric." An alternate method of enforcement would be to reject the input entirely if it contains anything that's non-alphanumeric.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Entry">Entry</a></h3> <p>any type of item in the CWE list that has been assigned a unique identifier.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Equivalence">Equivalence</a></h3> <p>a security property in which two identifiers, inputs, resources, or behaviors have syntactically different representations, but are ultimately treated as being the same. For example, in Windows systems, the filenames "MyFile.txt" and "MYFILE.TXT" are equivalent because they refer to the same underlying file object. The inability to recognize equivalence is often a factor in vulnerabilities.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Explicit Slice">Explicit Slice</a></h3> <p>a Slice whose membership is determined by some external criterion that is represented using HasMember relationships between the view and those entries, but not between entries themselves. An example is CWE-635, which lists the CWE identifiers that being used by NVD.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Filter">Filter</a></h3> <p>to perform Filtering.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Filtering">Filtering</a></h3> <p>the removal of elements from input or output based on some criteria. This term may apply to removal of elements regardless of security implications.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Graph">Graph</a></h3> <p>a View that specifies relationships between entries, typically of a hierarchical nature. The root level nodes of the view are specified using HasMember relationships. Children are specified using ChildOf or other relationships.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Handle">Handle</a></h3> <p>in the vulnerability theory model of error handling, to modify execution based on the results of a check for an error or exceptional condition.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="ICTA">ICTA</a></h3> <p>Interaction/Crossover/Trigger/Activation, an acronym for the vulnerability theory terms for important locations in code artifacts.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="IP">IP</a></h3> <p>In networking: "Internet Protocol". In hardware: an "Intellectual Property".</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Implicit Slice">Implicit Slice</a></h3> <p>a Slice that defines its membership based on common characteristics of entries, such as weaknesses that can appear in C programs (CWE-658).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Improper">Improper</a></h3> <p>used as a catch-all term to cover security behaviors that are either "Missing" or "Insufficient/Incorrect." Note: this term is being used inconsistently in CWE, although it has been more clearly defined since CWE 1.2.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Incorrect">Incorrect</a></h3> <p>a general term, used to describe when a behavior attempts to do a task but does not do it correctly. This is distinct from "Missing," in which the developer does not even attempt to perform the behavior. This is similar to "Insufficient." Note: this term is being used inconsistently in CWE, although it has been more clearly defined since CWE 1.2.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Information Exposure">Information Exposure</a></h3> <p>the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Insecure">Insecure</a></h3> <p>Use of this term is discouraged in names and descriptions for CWE weaknesses, since it does not provide any hint about the actual error that was introduced by the developer. Some unreviewed entries may still use this term, although it will be corrected in future versions of CWE. This is a general term used to describe a behavior that is incorrect and has security implications.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Insufficient">Insufficient</a></h3> <p>a general term used to describe when a security property or behavior can vary in strength on a continuous or sliding scale, instead of a discrete scale. The continuous scale may vary depending on the context and risk tolerance. For example, the requirements for randomness may vary between a random selection for a greeting message versus the generation of a military-strength key. On the other hand, a weakness that allows a buffer overflow is always incorrect - there is not a sliding scale that varies across contexts. Note: this this term has been used inconsistently in CWE, although it was more clearly defined beginning in CWE 1.4.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Interaction Point">Interaction Point</a></h3> <p>a vulnerability theory term for the point in code from which input is obtained from the external environment. For example, in SQL injection, the code reads an input from a parameter (interaction point), incorrectly checks the input for dangerous characters (crossover point), inserts the input into a dynamically generated query string, then sends the query string to the database server (trigger point), then the query is processed by the server (activation point). See the Vulnerability Theory paper for more details.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Internal">Internal</a></h3> <p>used to describe a manipulation that occurs within an identifier or input, and not at the beginning or the end. This term is often used in conjunction with special elements. For example, the string "/etc//passwd" has multiple internal "/" characters, or "<SCRI.PT>" has an internal "." character.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Invokable Element">Invokable Element</a></h3> <p>An abstract term, defined to cover the concepts of "named-callable" elements and "method control" elements, as defined by CISQ.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Leading">Leading</a></h3> <p>1) used to describe a manipulation that occurs at the beginning of an identifier or input. This term is often used in conjunction with special elements. For example, the string "//etc/passwd" has multiple leading "/" characters. 2) used to describe the transition from a primary to resultant weakness in a chain</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Loose Composite">Loose Composite</a></h3> <p>an informal term for describing a CWE entry that the general public thinks of as an individual weakness, but is actually a disjoint list of multiple distinct weaknesses - i.e., a narrowly-defined category. An example of a loose composite is "insecure temporary file" - the temporary file could have permissions problems, be used as a semaphore, be part of a race condition, etc.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="MAID">MAID</a></h3> <p>Modification of Assumed-Immutable Data. Originating in the early years of CWE, this describes a case in which the developer (and the code) assumes that certain data cannot be modified or influenced by an adversary, but it can.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Manipulation">Manipulation</a></h3> <p>the modification of a resource by an actor, typically to change its properties. Usually used in the context of software as it manipulates inputs and system resources to ensure that security properties are enforced.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Method Control Element">Method Control Element</a></h3> <p>(adapted from CISQ) an abstract term for a method that can be explicitly invoked by its name. See "Callable Element."</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Missing">Missing</a></h3> <p>used to describe a behavior that the developer has not attempted to perform. This is distinct from "incorrect," which describes when the developer attempts to perform the behavior, but does not do it correctly. Note: this term is being used inconsistently in CWE, although it has been more clearly defined since CWE 1.2.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Named Chain">Named Chain</a></h3> <p>a Chain that appears so frequently that a CWE ID has been assigned to it, such as CWE-680 (Integer Overflow to Buffer Overflow).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Natural Hierarchy">Natural Hierarchy</a></h3> <p>the term used in Draft 9 for the Research Concepts View (CWE-1000).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Neutralization">Neutralization</a></h3> <p>a general term to describe the process of ensuring that input or output has certain security properties before it is used. This is independent of the specific protection mechanism that performs the neutralization. The term could refer to one or more of the following: filtering/cleansing, canonicalization/resolution, encoding/decoding, escaping/unescaping, quoting/unquoting, validation, or other mechanisms.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Neutralize">Neutralize</a></h3> <p>to perform Neutralization.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Node">Node</a></h3> <p>another term for a CWE entry, especially used before CWE 1.0.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Permissions">Permissions</a></h3> <p>the explicit specifications for a resource, or a set of resources, that defines which actors are allowed to access that resource, and which actions may be performed by those actors. Permissions can contribute to the definition of one or more intended control spheres.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Pillar Weakness">Pillar Weakness</a></h3> <p>the highest-level weakness that cannot be made any more abstract. Pillars are the top-level entries in the Research Concepts View (CWE-1000) and represent an abstract theme for all class/base/variant weaknesses related to it. A pillar is different from a category as a pillar is still technically a type of weakness that describes a mistake, while a category represents a common characteristic used to group related things. For example, Incorrect Calculation (CWE-682) is an example of a pillar, as it describes a mistake but does not imply anything specific about where such a mistake is made or the type of resource that is affected.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Plaintext">Plaintext</a></h3> <p>information that is used as the input to an encryption algorithm, which might contain already-encrypted text. Many people use the "plaintext" term to mean "unencrypted," and others may use "cleartext" to mean the same thing.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Platform Resource">Platform Resource</a></h3> <p>a resource that is provided by a platform, e.g., messaging, stream, lock, file, directory, etc.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Primary Weakness">Primary Weakness</a></h3> <p>a weakness that is an initial, critical error (root cause) that can expose other weaknesses later in a chain.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Property">Property</a></h3> <p>a vulnerability theory term for the security-relevant characteristic of an individual resource or behavior that is important to the system's intended security model, which might change over time. For example, user input is initially untrusted; after the system neutralizes the input, when the input is finally processed, it must be treated as trusted. This illustrates the Trustability property.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Protection Mechanism">Protection Mechanism</a></h3> <p>a vulnerability theory term for a set of behaviors that helps to enforce an implicit or explicit security policy for the product, such as an input validation routine.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Reliance">Reliance</a></h3> <p>a security-relevant assumption that a resource has a given property, which can lead to weaknesses if that property cannot be guaranteed. For example, an access control protection mechanism might use reverse DNS lookups (CWE-247) in an attempt to limit access to systems in a particular domain; however, this reliance on DNS introduces a weakness because DNS results can be spoofed.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Resolution">Resolution</a></h3> <p>the process of converting a resource identifier to a single, canonical form. For example, code that converts "/tmp/abc/../def.xyz" to "/tmp/def.xyz" is performing resolution on an identifier that is being used for a file resource.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Resolve">Resolve</a></h3> <p>to perform Resolution.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Resource">Resource</a></h3> <p>a vulnerability theory term for an object or entity that is accessed or modified within the operation of the product, such as memory, CPU, files, or sockets. Resources can be system-level (memory or CPU), code-level (function or variable), or application-level (cookie or message).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Resultant Weakness">Resultant Weakness</a></h3> <p>a weakness that is only exposed to attack after another weakness has been exploited; an early link in a chain.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="SDLC">SDLC</a></h3> <p>Software Development Lifecycle.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Sanitization">Sanitization</a></h3> <p>Use of this term is discouraged in names and descriptions for CWE weaknesses, since it has too many different meanings in the industry and may cause mapping errors. It is not precise enough for CWE's purpose. Similar terms in use in CWE may include "Neutralization," "Validation," "Encoding," and "Filtering."</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Sanitize">Sanitize</a></h3> <p>This term is discouraged for use in CWE.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Security Policy">Security Policy</a></h3> <p>in vulnerability theory, a set of valid behaviors, properties, and resources within the context of operation of a product. The policy is generally implicit (as reflected in the code, or the programmer's assumptions), but it can be explicit.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Slice">Slice</a></h3> <p>a view that is a flat list of CWE entries that does not specify any relationships between those entries.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Special Element">Special Element</a></h3> <p>a general term for a sequence of bytes, characters, or words that is used to separate different portions of data within a particular representation or language. The most commonly understood usage of special elements is in single characters, such as the "<" in HTML, which marks the beginning of a tag. As another example, the CRLF (carriage return / line feed) character is used as a separator between headers in MIME messages, so CRLF is a special element. When multi-part MIME messages are constructed, the boundary string becomes a special element. Special elements are often important in weaknesses that can be exploited by injection attacks. A special element in one representation might not be special in another. For example, whitespace is a special element when executing a command in a shell (since it acts as an argument separator), but it has no special meaning in the body of HTML or email messages.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Sphere of Control">Sphere of Control</a></h3> <p>See Control Sphere</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Technology">Technology</a></h3> <p>Information and communications technology (ICT), as defined by Wikipedia: "a broad subject [that] covers any product that will store, retrieve, manipulate, transmit, or receive information electronically in a digital form (e.g., personal computers including smartphones, digital television, email, or robots)."</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Technology-Specific">Technology-Specific</a></h3> <p>Applicable to one or more specific classes of Information and communications technology (ICT), instead of a broad range of technologies. See "Technology".</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Trailing">Trailing</a></h3> <p>used to describe a manipulation that occurs at the end of an identifier or input. This term is often used in conjunction with special elements. For example, the string "example.com." has a trailing "." character.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Trigger Point">Trigger Point</a></h3> <p>a vulnerability theory term for the location in code after which the software can no longer prevent itself from violating the intended security policy. For example, in SQL injection, the code reads an input from a parameter (interaction point), incorrectly checks the input for dangerous characters (crossover point), inserts the input into a dynamically generated query string, then sends the query string to the database server (trigger point), then the query is processed by the server (activation point). See the Vulnerability Theory paper for more details.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Unexpected">Unexpected</a></h3> <p>violating the assumptions of the developer or operator of the product. This is typically used to describe the state of the product, a behavior that was not intended, or a property of a resource that was not assumed to be present. For example, if an e-commerce program allows a user to specify the quantity of items to purchase, and the program assumes that the quantity will be a number, then the string "abcde" is unexpected. A program crash is usually unexpected behavior. Similarly, when a programmer dereferences a pointer, it is usually unexpected if that pointer can be NULL. Attacks often leverage unexpected properties and behaviors, since the developer has not necessarily provided a sufficient defense.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Variant Weakness">Variant Weakness</a></h3> <p>a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. For example the variant weakness "Private Data Structure Returned From A Public Method" (CWE-495) describes an issue (inappropriate action) with a behavior (Return) associated with a specific resource (Data Structure) with a given property (Private). Another example is "Use of sizeof() on a Pointer Type" (CWE-467) which describes an issue (Use of) with a behavior (application of a function) against a resource (Pointer) within an implied language (those that support Pointer Types).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="View">View</a></h3> <p>a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Vulnerability">Vulnerability</a></h3> <p>A flaw in a software, firmware, hardware, or service component resulting from a weakness that can be exploited, causing a negative impact to the confidentiality, integrity, or availability of an impacted component or components.</p> <div style="clear:both"></div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> <hr width="100%" size="1" style="clear:both" color="#000000"> <h3><a name="Weakness">Weakness</a></h3> <p>A condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.</p> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div> </div> <div id="More_Message_Custom" style="display:none;"> <div style="padding:15px 0px 0px 0px;color:#ff0000;font-size:95%;font-weight:bold;text-align:center;"> More information is available — Please edit the custom filter or select a different filter. </div> </div></td> </tr> </tbody> </table> <div id="FootPane" class="noprint"> <div id="footbar"><b>Page Last Updated: </b> November 16, 2022 </div> <div class="Footer noprint"><a name="footer" id="footer"></a> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="ltgreybackground" style="clear:both"> <tbody> <tr> <td colspan="3" id="line"> <div class="line">   </div></td> </tr> <tr> <td valign="middle" nowrap> <div id="footerlinks" class="footlogo"><a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=http://www.mitre.org" target="_blank" rel="noopener noreferrer"><img src="/images/mitre_logo.gif" height="36" border="0" alt="MITRE" title="MITRE"></a> </div></td> <td width="100%" valign="top" style="padding:6px 0px;"> <div id="footerlinks"><a href="https://cwe-mitre-org.translate.goog/sitemap.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Site Map</a> | <a href="https://cwe-mitre-org.translate.goog/about/termsofuse.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Terms of Use</a> | <a href="https://cwe-mitre-org.translate.goog/documents/glossary/index.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#" onclick="Osano.cm.showDrawer('osano-cm-dom-info-dialog-open')">Manage Cookies</a> | <a href="https://cwe-mitre-org.translate.goog/about/cookie_notice.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Cookie Notice</a> | <a href="https://cwe-mitre-org.translate.goog/about/privacy_policy.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Privacy Policy</a> | <a href="mailto:cwe@mitre.org?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Contact Us</a> | <a target="_blank" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://twitter.com/CweCapec"><img src="/images/x-logo-black.png" width="18" height="18" style="border:0;vertical-align:right;" alt="CWE X-Twitter" title="CWE X-Twitter"></a> <a target="_blank" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://mastodon.social/@CWE_Program"><img src="/images/mastodon-logo.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Mastodon" title="CWE Mastodon"></a> <a target="_blank" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.linkedin.com/showcase/cve-cwe-capec"><img src="/images/linkedin_sm.jpg" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE on LinkedIn" title="CWE on LinkedIn"></a> <a target="_blank" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA"><img src="/images/youtube.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE YouTube channel" title="CWE YouTube Channel"></a> <a href="https://cwe-mitre-org.translate.goog/news/podcast.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img src="/images/out_of_bounds_read_logo.png" width="22" height="22" style="border:0;vertical-align:right;" alt="CWE Out-of-Bounds-Read Podcast" title="CWE Out-of-Bounds-Read Podcast"></a> <a target="_blank" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://medium.com/@CWE_CAPEC"><img src="/images/medium.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Blog on Medium blog" title="CWE Blog on Medium"></a> </div><p>Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the <a href="https://cwe-mitre-org.translate.goog/about/termsofuse.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Terms of Use</a>. CWE is sponsored by the <a target="_blank" rel="noopener noreferrer" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/">U.S. Department of Homeland Security</a> (DHS) <a target="_blank" rel="noopener noreferrer" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/cisa/cybersecurity-division">Cybersecurity and Infrastructure Security Agency</a> (CISA) and managed by the <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer">Homeland Security Systems Engineering and Development Institute</a> (HSSEDI) which is operated by <a target="_blank" rel="noopener noreferrer" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=http://www.mitre.org/">The MITRE Corporation</a> (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.</p></td> <td valign="middle" nowrap> <div id="footerlinks" class="footlogo"><a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer"><img src="/images/hssedi.png" height="36" border="0" alt="HSSEDI" title="HSSEDI"></a> </div></td> </tr> </tbody> </table> </div> </div> <script async src="https://www.googletagmanager.com/gtag/js?id=G-TCLW30GNGV"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-TCLW30GNGV'); </script> <script>function gtElInit() {var lib = new google.translate.TranslateService();lib.translatePage('pl', 'lv', function () {});}</script> <script src="https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en-GB&client=wt" type="text/javascript"></script> </body> </html>

CINXE.COM

CWE - CWE Glossary