CWE-1267 – Policy Uses Obsolete Encoding
Description The product uses an obsolete encoding mechanism to implement access controls. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-284 ...
CWE-1268 – Policy Privileges are not Assigned Consistently Between Control and Data Agents
Description The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies. Modes of Introduction: - Architecture...
CWE-1230 – Exposure of Sensitive Information Through Metadata
Description The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from...
CWE-1231 – Improper Prevention of Lock Bit Modification
Description The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the...
CWE-1232 – Improper Lock Behavior After Power State Transition
Description Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable...
CWE-1233 – Security-Sensitive Hardware Controls with Missing Lock Bit Protection
Description The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or...
CWE-1234 – Hardware Internal or Debug Modes Allow Override of Locks
Description System configuration protection may be bypassed during debug mode. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-667 Consequences Access...
CWE-1235 – Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Description The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations. Modes of Introduction: - Implementation Related Weaknesses CWE-400 Consequences...
CWE-1236 – Improper Neutralization of Formula Elements in a CSV File
Description The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be...
CWE-1239 – Improper Zeroization of Hardware Register
Description The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes. Hardware logic operates on...