CWE-653 – Improper Isolation or Compartmentalization
Description: The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. When a weakness occurs...
CWE-652 – Improper Neutralization of Data within XQuery Expressions (‘XQuery Injection’)
Description: The software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize...
CWE-651 – Exposure of WSDL File Containing Sensitive Information
Description: The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how...
CWE-650 – Trusting HTTP Permission Methods on the Server Side
Description: The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to...
CWE-65 – Windows Hard Link
Description: The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target...
CWE-649 – Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Description: The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity...
CWE-648 – Incorrect Use of Privileged APIs
Description: The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges...
CWE-647 – Use of Non-Canonical URL Paths for Authorization Decisions
Description: The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL...
CWE-646 – Reliance on File Name or Extension of Externally-Supplied File
Description: The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate...
CWE-645 – Overly Restrictive Account Lockout Mechanism
Description: The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to...