Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-1263 Insufficient Physical Protection Mechanism
The product is designed such that certain parts are restricted, yet it does not sufficiently protect against an unauthorized actor’s ability to physically access these restricted regions of the product.
0 1 0 0 1
CWE-263 Password Aging with Long Expiration
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
0 0 1 0 1
CWE-28 Path Traversal: '..\filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize .. sequences that can resolve to a location that is outside of that directory.
0 1 0 0 1
CWE-703 Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
0 1 0 0 1
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
0 0 1 0 1
CWE-691 Insufficient Control Flow Management
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
0 0 1 0 1
CWE-544 Missing Standardized Error Handling Mechanism
The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.
0 0 1 0 1
CWE-1270 Generation of Incorrect Security Identifiers
The product implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers generated in the system are incorrect.
0 0 0 1 1