Category Archives: CWE

CWE

CWE-1057 – Data Access Operations Outside of Expected Data Manager Component

Read Time:15 Second

Description

The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.

Modes of Introduction:

 

 

Related Weaknesses

CWE-1061

 

Consequences

Other: Reduce Performance

 

Potential Mitigations

CVE References

CWE

CWE-1058 – Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

Read Time:15 Second

Description

The code contains a function or method that
operates in a multi-threaded environment but owns an unsafe non-final
static storable or member data element.

Modes of Introduction:

 

 

Related Weaknesses

CWE-662
CWE-662
CWE-662

 

Consequences

Other: Reduce Reliability

 

Potential Mitigations

CVE References

CWE

CWE-1059 – Insufficient Technical Documentation

Read Time:33 Second

Description

The product does not contain sufficient
technical or engineering documentation (whether on paper or
in electronic form) that contains descriptions of all the
relevant software/hardware elements of the product, such as
its usage, structure, architectural components, interfaces, design, implementation,
configuration, operation, etc.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-710

 

Consequences

Other: Varies by Context, Hide Activities, Reduce Reliability, Quality Degradation, Reduce Maintainability

Without a method of verification, one cannot be sure that everything only functions as expected.

 

Potential Mitigations

Phase: Documentation, Architecture and Design

Description: 

Ensure that design documentation is detailed enough to allow for post-manufacturing verification.

CVE References

CWE

CWE-106 – Struts: Plug-in Framework not in Use

Read Time:25 Second

Description

When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1173
CWE-20

 

Consequences

Integrity: Unexpected State

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use an input validation framework such as Struts.

Phase: Architecture and Design

Description: 

Use an input validation framework such as Struts.

Phase: Implementation

Description: 

Phase: Implementation

Description: 

CVE References

CWE

CWE-1061 – Insufficient Encapsulation

Read Time:17 Second

Description

The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.

Modes of Introduction:

 

 

Related Weaknesses

CWE-710

 

Consequences

 

Potential Mitigations

CVE References