CWE-207 – Observable Behavioral Discrepancy With Equivalent Products
Description: The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products...
CWE-206 – Observable Internal Behavioral Discrepancy
Description: The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that...
CWE-205 – Observable Behavioral Discrepancy
Description: The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision...
CWE-204 – Observable Response Discrepancy
Description: The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended...
CWE-203 – Observable Discrepancy
Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant...
CWE-202 – Exposure of Sensitive Information Through Data Queries
Description: When trying to keep information confidential, an attacker can often infer some of the information by using statistics. In situations where data should not...
CWE-201 – Insertion of Sensitive Information Into Sent Data
Description: The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor....
CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor
Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Modes of Introduction: - Architecture...
CWE-20 – Improper Input Validation
Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to...
CWE-198 – Use of Incorrect Byte Ordering
Description: The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input,...