CWE-1263 Insufficient Physical Protection Mechanism
The product is designed such that certain parts be restricted yet does not sufficiently protect against an unauthorized actor’s ability to physically access these restricted regions of the product.
0 1 0 0 1
CWE-263 Password Aging with Long Expiration
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
0 0 1 0 1
CWE-28 Path Traversal: '..\filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize .. sequences that can resolve to a location that is outside of that directory.
0 1 0 0 1
CWE-703 Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
0 1 0 0 1
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
0 0 1 0 1
CWE-691 Insufficient Control Flow Management
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
0 0 1 0 1
CWE-544 Missing Standardized Error Handling Mechanism
The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.
0 0 1 0 1
CWE-1270 Generation of Incorrect Security Identifiers
The product implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers generated in the system are incorrect.
0 0 0 1 1