CWE-372 – Incomplete Internal State Distinction

Description

The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
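An added illustration of this weakness (not part of the CWE entry): a constructed two-step login in which `WeakSession` cannot distinguish "password accepted, second factor pending" from "fully authenticated", beside `StrictSession`, which gives each security-relevant state its own value and checks transitions. All class, method and user names are hypothetical.

```python
from enum import Enum, auto


class WeakSession:
    """Conflates 'password accepted' with 'fully authenticated'."""
    def __init__(self):
        self.user = None          # set as soon as the password checks out

    def password_ok(self, user):
        self.user = user          # second factor is still pending here

    def otp_ok(self):
        pass                      # nothing records that this step happened

    def can_read_account(self):
        # "Awaiting OTP" and "authenticated" both have user set, so the
        # check assumes state X (authenticated) while in state Y (pending).
        return self.user is not None


class State(Enum):
    ANONYMOUS = auto()
    AWAITING_OTP = auto()
    AUTHENTICATED = auto()


class StrictSession:
    """One explicit value per state; every transition checks its source state."""
    def __init__(self):
        self.state = State.ANONYMOUS
        self.user = None

    def password_ok(self, user):
        if self.state is not State.ANONYMOUS:
            raise RuntimeError(f"password step not valid in {self.state.name}")
        self.user, self.state = user, State.AWAITING_OTP

    def otp_ok(self):
        if self.state is not State.AWAITING_OTP:
            raise RuntimeError(f"OTP step not valid in {self.state.name}")
        self.state = State.AUTHENTICATED

    def can_read_account(self):
        return self.state is State.AUTHENTICATED


def access_after_password_only(session_cls):
    """Access decision for a session that never completed the OTP step."""
    s = session_cls()
    s.password_ok("alice")        # constructed sample user
    return s.can_read_account()
```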

Modes of Introduction

– Architecture and Design

Related Weaknesses

CWE-664

Consequences

Integrity, Other: Varies by Context, Unexpected State

Potential Mitigations

CVE References