CWE - Differences between Version 4.13 and Version 4.14

Home > CWE List > Reports > Differences between Version 4.13 and Version 4.14

Differences between Version 4.13 and Version 4.14

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total weaknesses/chains/composites (Version 4.14)	938
Total weaknesses/chains/composites (Version 4.13)	934
Total new	5
Total deprecated	0
Total with major changes	213
Total with only minor changes	0
Total unchanged	1208

Summary of Entry Types

Type	Version 4.13	Version 4.14
Weakness	934	938
Category	374	374
View	49	50
Deprecated	64	64
Total	1421	1426

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	2	0
Description	5	0
Relationships	18	0
Common_Consequences	0	0
Applicable_Platforms	0	0
Modes_of_Introduction	0	0
Detection_Factors	1	0
Potential_Mitigations	2	0
Demonstrative_Examples	92	0
Observed_Examples	38	0
Related_Attack_Patterns	0	0
Weakness_Ordinalities	0	0
Time_of_Introduction	0	0
Likelihood_of_Exploit	0	0
References	19	0
Mapping_Notes	73	0
Terminology_Notes	0	0
Alternate_Terms	0	0
Relationship_Notes	0	0
Taxonomy_Mappings	10	0
Maintenance_Notes	0	0
Research_Gaps	0	0
Background_Details	0	0
Theoretical_Notes	0	0
Other_Notes	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Type	2	0
Source_Taxonomy	0	0

Form and Abstraction Changes

From	To	Total	CWE IDs
Unchanged		1419
Weakness/Base	Weakness/Class	1	653
Weakness/Base	Weakness/Variant	1	581

Status Changes

From	To	Total
Unchanged		1421

Relationship Changes

The "Version 4.14 Total" lists the total number of relationships in Version 4.14. The "Shared" value is the total number of relationships in entries that were in both Version 4.14 and Version 4.13. The "New" value is the total number of relationships involving entries that did not exist in Version 4.13. Thus, the total number of relationships in Version 4.14 would combine stats from Shared entries and New entries.

Relationship	Version 4.14 Total	Version 4.13 Total	Version 4.14 Shared	Unchanged	Added to Version 4.14	Removed from Version 4.13	Version 4.14 New
ALL	12450	12424	12422	12410	12	14	28
ChildOf	5285	5271	5271	5265	6	6	14
ParentOf	5285	5271	5271	5265	6	6	14
MemberOf	690	690	690	690
HasMember	690	690	690	690
CanPrecede	137	137	137	137
CanFollow	137	137	137	137
StartsWith	3	3	3	3
Requires	13	13	13	13
RequiredBy	13	13	13	13
CanAlsoBe	27	27	27	27
PeerOf	170	172	170	170		2

Nodes Removed from Version 4.13

CWE-ID	CWE Name
None.

Nodes Added to Version 4.14

CWE-ID	CWE Name
1420	Exposure of Sensitive Information during Transient Execution
1421	Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
1422	Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
1423	Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
1424	Weaknesses Addressed by ISA/IEC 62443 Requirements

Nodes Deprecated in Version 4.14

CWE-ID	CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

D			14	Compiler Removal of Code to Clear Buffers
		R	79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
		R	166	Improper Handling of Missing Special Element
		R	167	Improper Handling of Additional Special Element
		R	168	Improper Handling of Inconsistent Special Elements
		R	228	Improper Handling of Syntactically Invalid Structure
D			328	Use of Weak Hash
		R	333	Improper Handling of Insufficient Entropy in TRNG
		R	494	Download of Code Without Integrity Check
		R	594	J2EE Framework: Saving Unserializable Objects to Disk
		R	669	Incorrect Resource Transfer Between Spheres
		R	703	Improper Check or Handling of Exceptional Conditions
		R	710	Improper Adherence to Coding Standards
		R	755	Improper Handling of Exceptional Conditions
D			1003	Weaknesses for Simplified Mapping of Published Vulnerabilities
		R	1070	Serializable Data Element Containing non-Serializable Item Elements
		R	1076	Insufficient Adherence to Expected Conventions
	N		1192	Improper Identifier for IP Block used in System-On-Chip (SOC)
		R	1198	Privilege Separation and Access Control Issues
		R	1201	Core and Compute Issues
		R	1202	Memory and Storage Issues
D	N		1302	Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
D			1342	Information Exposure through Microarchitectural State after Transient Execution
		R	1416	Comprehensive Categorization: Resource Lifecycle Management

Detailed Difference Report

14	Compiler Removal of Code to Clear Buffers
	Major	Demonstrative_Examples, Description
	Minor	None
41	Improper Resolution of Path Equivalence
	Major	Observed_Examples
	Minor	None
55	Path Equivalence: '/./' (Single Dot Directory)
	Major	Observed_Examples
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	Relationships
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
	Major	Demonstrative_Examples
	Minor	None
94	Improper Control of Generation of Code ('Code Injection')
	Major	Demonstrative_Examples, Potential_Mitigations, References
	Minor	None
95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Demonstrative_Examples, Potential_Mitigations, References
	Minor	None
102	Struts: Duplicate Validation Forms
	Major	Demonstrative_Examples
	Minor	None
111	Direct Use of Unsafe JNI
	Major	Demonstrative_Examples
	Minor	None
118	Incorrect Access of Indexable Resource ('Range Error')
	Major	Mapping_Notes
	Minor	None
122	Heap-based Buffer Overflow
	Major	Observed_Examples, Taxonomy_Mappings
	Minor	None
124	Buffer Underwrite ('Buffer Underflow')
	Major	Demonstrative_Examples
	Minor	None
130	Improper Handling of Length Parameter Inconsistency
	Major	Observed_Examples
	Minor	None
138	Improper Neutralization of Special Elements
	Major	Mapping_Notes
	Minor	None
166	Improper Handling of Missing Special Element
	Major	Relationships
	Minor	None
167	Improper Handling of Additional Special Element
	Major	Relationships
	Minor	None
168	Improper Handling of Inconsistent Special Elements
	Major	Relationships
	Minor	None
176	Improper Handling of Unicode Encoding
	Major	Demonstrative_Examples
	Minor	None
188	Reliance on Data/Memory Layout
	Major	Demonstrative_Examples
	Minor	None
190	Integer Overflow or Wraparound
	Major	Observed_Examples
	Minor	None
203	Observable Discrepancy
	Major	Demonstrative_Examples
	Minor	None
208	Observable Timing Discrepancy
	Major	Demonstrative_Examples
	Minor	None
211	Externally-Generated Error Message Containing Sensitive Information
	Major	Demonstrative_Examples
	Minor	None
212	Improper Removal of Sensitive Information Before Storage or Transfer
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
226	Sensitive Information in Resource Not Removed Before Reuse
	Major	Demonstrative_Examples, Observed_Examples, References
	Minor	None
228	Improper Handling of Syntactically Invalid Structure
	Major	Observed_Examples, Relationships
	Minor	None
234	Failure to Handle Missing Parameter
	Major	Mapping_Notes
	Minor	None
240	Improper Handling of Inconsistent Structural Elements
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
242	Use of Inherently Dangerous Function
	Major	Observed_Examples
	Minor	None
244	Improper Clearing of Heap Memory Before Release ('Heap Inspection')
	Major	Observed_Examples
	Minor	None
246	J2EE Bad Practices: Direct Use of Sockets
	Major	Demonstrative_Examples
	Minor	None
248	Uncaught Exception
	Major	Observed_Examples
	Minor	None
253	Incorrect Check of Function Return Value
	Major	Observed_Examples
	Minor	None
256	Plaintext Storage of a Password
	Major	Taxonomy_Mappings
	Minor	None
259	Use of Hard-coded Password
	Major	Observed_Examples
	Minor	None
274	Improper Handling of Insufficient Privileges
	Major	Mapping_Notes
	Minor	None
284	Improper Access Control
	Major	Observed_Examples
	Minor	None
287	Improper Authentication
	Major	Observed_Examples
	Minor	None
306	Missing Authentication for Critical Function
	Major	Observed_Examples
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Taxonomy_Mappings
	Minor	None
312	Cleartext Storage of Sensitive Information
	Major	Taxonomy_Mappings
	Minor	None
316	Cleartext Storage of Sensitive Information in Memory
	Major	Observed_Examples
	Minor	None
319	Cleartext Transmission of Sensitive Information
	Major	Demonstrative_Examples
	Minor	None
328	Use of Weak Hash
	Major	Demonstrative_Examples, Description, References
	Minor	None
330	Use of Insufficiently Random Values
	Major	Mapping_Notes
	Minor	None
332	Insufficient Entropy in PRNG
	Major	Observed_Examples, References
	Minor	None
333	Improper Handling of Insufficient Entropy in TRNG
	Major	Relationships
	Minor	None
340	Generation of Predictable Numbers or Identifiers
	Major	Demonstrative_Examples
	Minor	None
344	Use of Invariant Value in Dynamically Changing Context
	Major	Demonstrative_Examples
	Minor	None
345	Insufficient Verification of Data Authenticity
	Major	Mapping_Notes
	Minor	None
346	Origin Validation Error
	Major	Taxonomy_Mappings
	Minor	None
348	Use of Less Trusted Source
	Major	Observed_Examples
	Minor	None
354	Improper Validation of Integrity Check Value
	Major	Taxonomy_Mappings
	Minor	None
372	Incomplete Internal State Distinction
	Major	Mapping_Notes
	Minor	None
382	J2EE Bad Practices: Use of System.exit()
	Major	Demonstrative_Examples
	Minor	None
385	Covert Timing Channel
	Major	Demonstrative_Examples
	Minor	None
390	Detection of Error Condition Without Action
	Major	Demonstrative_Examples
	Minor	None
391	Unchecked Error Condition
	Major	Mapping_Notes
	Minor	None
392	Missing Report of Error Condition
	Major	Observed_Examples, References
	Minor	None
395	Use of NullPointerException Catch to Detect NULL Pointer Dereference
	Major	Demonstrative_Examples
	Minor	None
397	Declaration of Throws for Generic Exception
	Major	Demonstrative_Examples
	Minor	None
405	Asymmetric Resource Consumption (Amplification)
	Major	Demonstrative_Examples
	Minor	None
408	Incorrect Behavior Order: Early Amplification
	Major	Demonstrative_Examples
	Minor	None
416	Use After Free
	Major	Taxonomy_Mappings
	Minor	None
420	Unprotected Alternate Channel
	Major	Demonstrative_Examples
	Minor	None
424	Improper Protection of Alternate Path
	Major	Observed_Examples
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	Observed_Examples
	Minor	None
435	Improper Interaction Between Multiple Correctly-Behaving Entities
	Major	Demonstrative_Examples, References
	Minor	None
440	Expected Behavior Violation
	Major	Demonstrative_Examples, References
	Minor	None
460	Improper Cleanup on Thrown Exception
	Major	Demonstrative_Examples
	Minor	None
480	Use of Incorrect Operator
	Major	Demonstrative_Examples, References
	Minor	None
494	Download of Code Without Integrity Check
	Major	Demonstrative_Examples, Relationships
	Minor	None
514	Covert Channel
	Major	Demonstrative_Examples
	Minor	None
536	Servlet Runtime Error Message Containing Sensitive Information
	Major	Demonstrative_Examples
	Minor	None
537	Java Runtime Error Message Containing Sensitive Information
	Major	Demonstrative_Examples
	Minor	None
547	Use of Hard-coded, Security-relevant Constants
	Major	Demonstrative_Examples
	Minor	None
561	Dead Code
	Major	Demonstrative_Examples
	Minor	None
562	Return of Stack Variable Address
	Major	Demonstrative_Examples
	Minor	None
563	Assignment to Variable without Use
	Major	Demonstrative_Examples
	Minor	None
566	Authorization Bypass Through User-Controlled SQL Primary Key
	Major	Demonstrative_Examples
	Minor	None
581	Object Model Violation: Just One of Equals and Hashcode Defined
	Major	Type
	Minor	None
585	Empty Synchronized Block
	Major	Demonstrative_Examples
	Minor	None
587	Assignment of a Fixed Address to a Pointer
	Major	Demonstrative_Examples
	Minor	None
594	J2EE Framework: Saving Unserializable Objects to Disk
	Major	Relationships
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Demonstrative_Examples
	Minor	None
610	Externally Controlled Reference to a Resource in Another Sphere
	Major	Demonstrative_Examples, Mapping_Notes
	Minor	None
617	Reachable Assertion
	Major	Observed_Examples
	Minor	None
639	Authorization Bypass Through User-Controlled Key
	Major	Demonstrative_Examples
	Minor	None
643	Improper Neutralization of Data within XPath Expressions ('XPath Injection')
	Major	Demonstrative_Examples
	Minor	None
653	Improper Isolation or Compartmentalization
	Major	Type
	Minor	None
657	Violation of Secure Design Principles
	Major	Mapping_Notes
	Minor	None
662	Improper Synchronization
	Major	Mapping_Notes
	Minor	None
665	Improper Initialization
	Major	Mapping_Notes
	Minor	None
666	Operation on Resource in Wrong Phase of Lifetime
	Major	Mapping_Notes
	Minor	None
669	Incorrect Resource Transfer Between Spheres
	Major	Demonstrative_Examples, Observed_Examples, Relationships
	Minor	None
671	Lack of Administrator Control over Security
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
674	Uncontrolled Recursion
	Major	Demonstrative_Examples
	Minor	None
680	Integer Overflow to Buffer Overflow
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
681	Incorrect Conversion between Numeric Types
	Major	Observed_Examples
	Minor	None
691	Insufficient Control Flow Management
	Major	Demonstrative_Examples
	Minor	None
694	Use of Multiple Resources with Duplicate Identifier
	Major	Demonstrative_Examples
	Minor	None
695	Use of Low-Level Functionality
	Major	Demonstrative_Examples
	Minor	None
696	Incorrect Behavior Order
	Major	Demonstrative_Examples
	Minor	None
703	Improper Check or Handling of Exceptional Conditions
	Major	Demonstrative_Examples, Observed_Examples, References, Relationships
	Minor	None
704	Incorrect Type Conversion or Cast
	Major	Observed_Examples
	Minor	None
705	Incorrect Control Flow Scoping
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
710	Improper Adherence to Coding Standards
	Major	Relationships
	Minor	None
733	Compiler Optimization Removal or Modification of Security-critical Code
	Major	Demonstrative_Examples
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Observed_Examples
	Minor	None
755	Improper Handling of Exceptional Conditions
	Major	Demonstrative_Examples, Mapping_Notes, Observed_Examples, References, Relationships
	Minor	None
758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
	Major	Demonstrative_Examples
	Minor	None
759	Use of a One-Way Hash without a Salt
	Major	Demonstrative_Examples
	Minor	None
766	Critical Data Element Declared Public
	Major	Demonstrative_Examples
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Taxonomy_Mappings
	Minor	None
786	Access of Memory Location Before Start of Buffer
	Major	Demonstrative_Examples
	Minor	None
787	Out-of-bounds Write
	Major	Demonstrative_Examples
	Minor	None
798	Use of Hard-coded Credentials
	Major	Observed_Examples
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Demonstrative_Examples
	Minor	None
834	Excessive Iteration
	Major	Demonstrative_Examples, Mapping_Notes
	Minor	None
835	Loop with Unreachable Exit Condition ('Infinite Loop')
	Major	Demonstrative_Examples
	Minor	None
863	Incorrect Authorization
	Major	Taxonomy_Mappings
	Minor	None
915	Improperly Controlled Modification of Dynamically-Determined Object Attributes
	Major	Demonstrative_Examples
	Minor	None
916	Use of Password Hash With Insufficient Computational Effort
	Major	Demonstrative_Examples
	Minor	None
923	Improper Restriction of Communication Channel to Intended Endpoints
	Major	Demonstrative_Examples
	Minor	None
942	Permissive Cross-domain Policy with Untrusted Domains
	Major	Demonstrative_Examples
	Minor	None
943	Improper Neutralization of Special Elements in Data Query Logic
	Major	Demonstrative_Examples
	Minor	None
1003	Weaknesses for Simplified Mapping of Published Vulnerabilities
	Major	Description
	Minor	None
1041	Use of Redundant Code
	Major	Mapping_Notes
	Minor	None
1042	Static Member Data Element outside of a Singleton Class Element
	Major	Mapping_Notes
	Minor	None
1043	Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
	Major	Mapping_Notes
	Minor	None
1044	Architecture with Number of Horizontal Layers Outside of Expected Range
	Major	Mapping_Notes
	Minor	None
1047	Modules with Circular Dependencies
	Major	Mapping_Notes
	Minor	None
1048	Invokable Control Element with Large Number of Outward Calls
	Major	Mapping_Notes
	Minor	None
1051	Initialization with Hard-Coded Network Resource Configuration Data
	Major	Mapping_Notes
	Minor	None
1053	Missing Documentation for Design
	Major	Mapping_Notes
	Minor	None
1054	Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
	Major	Mapping_Notes
	Minor	None
1055	Multiple Inheritance from Concrete Classes
	Major	Mapping_Notes
	Minor	None
1056	Invokable Control Element with Variadic Parameters
	Major	Mapping_Notes
	Minor	None
1057	Data Access Operations Outside of Expected Data Manager Component
	Major	Mapping_Notes
	Minor	None
1059	Insufficient Technical Documentation
	Major	Mapping_Notes
	Minor	None
1060	Excessive Number of Inefficient Server-Side Data Accesses
	Major	Mapping_Notes
	Minor	None
1061	Insufficient Encapsulation
	Major	Demonstrative_Examples
	Minor	None
1062	Parent Class with References to Child Class
	Major	Mapping_Notes
	Minor	None
1063	Creation of Class Instance within a Static Code Block
	Major	Mapping_Notes
	Minor	None
1064	Invokable Control Element with Signature Containing an Excessive Number of Parameters
	Major	Mapping_Notes
	Minor	None
1065	Runtime Resource Management Control Element in a Component Built to Run on Application Servers
	Major	Mapping_Notes
	Minor	None
1066	Missing Serialization Control Element
	Major	Mapping_Notes
	Minor	None
1068	Inconsistency Between Implementation and Documented Design
	Major	Mapping_Notes
	Minor	None
1069	Empty Exception Block
	Major	Demonstrative_Examples, Mapping_Notes
	Minor	None
1070	Serializable Data Element Containing non-Serializable Item Elements
	Major	Mapping_Notes, Relationships
	Minor	None
1071	Empty Code Block
	Major	Demonstrative_Examples
	Minor	None
1072	Data Resource Access without Use of Connection Pooling
	Major	Mapping_Notes
	Minor	None
1073	Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
	Major	Mapping_Notes
	Minor	None
1074	Class with Excessively Deep Inheritance
	Major	Mapping_Notes
	Minor	None
1076	Insufficient Adherence to Expected Conventions
	Major	Mapping_Notes, Relationships
	Minor	None
1078	Inappropriate Source Code Style or Formatting
	Major	Demonstrative_Examples, Mapping_Notes
	Minor	None
1080	Source Code File with Excessive Number of Lines of Code
	Major	Mapping_Notes
	Minor	None
1082	Class Instance Self Destruction Control Element
	Major	Mapping_Notes
	Minor	None
1083	Data Access from Outside Expected Data Manager Component
	Major	Mapping_Notes
	Minor	None
1084	Invokable Control Element with Excessive File or Data Access Operations
	Major	Mapping_Notes
	Minor	None
1085	Invokable Control Element with Excessive Volume of Commented-out Code
	Major	Mapping_Notes
	Minor	None
1086	Class with Excessive Number of Child Classes
	Major	Mapping_Notes
	Minor	None
1090	Method Containing Access of a Member Element from Another Class
	Major	Mapping_Notes
	Minor	None
1092	Use of Same Invokable Control Element in Multiple Architectural Layers
	Major	Mapping_Notes
	Minor	None
1094	Excessive Index Range Scan for a Data Resource
	Major	Mapping_Notes
	Minor	None
1095	Loop Condition Value Update within the Loop
	Major	Mapping_Notes
	Minor	None
1097	Persistent Storable Data Element without Associated Comparison Control Element
	Major	Mapping_Notes
	Minor	None
1099	Inconsistent Naming Conventions for Identifiers
	Major	Mapping_Notes
	Minor	None
1101	Reliance on Runtime Component in Generated Code
	Major	Mapping_Notes
	Minor	None
1103	Use of Platform-Dependent Third Party Components
	Major	Mapping_Notes
	Minor	None
1105	Insufficient Encapsulation of Machine-Dependent Functionality
	Major	Demonstrative_Examples, Mapping_Notes
	Minor	None
1106	Insufficient Use of Symbolic Constants
	Major	Mapping_Notes
	Minor	None
1107	Insufficient Isolation of Symbolic Constant Definitions
	Major	Mapping_Notes
	Minor	None
1109	Use of Same Variable for Multiple Purposes
	Major	Mapping_Notes
	Minor	None
1110	Incomplete Design Documentation
	Major	Mapping_Notes
	Minor	None
1111	Incomplete I/O Documentation
	Major	Mapping_Notes
	Minor	None
1112	Incomplete Documentation of Program Execution
	Major	Mapping_Notes
	Minor	None
1113	Inappropriate Comment Style
	Major	Mapping_Notes
	Minor	None
1114	Inappropriate Whitespace Style
	Major	Mapping_Notes
	Minor	None
1115	Source Code Element without Standard Prologue
	Major	Mapping_Notes
	Minor	None
1117	Callable with Insufficient Behavioral Summary
	Major	Mapping_Notes
	Minor	None
1118	Insufficient Documentation of Error Handling Techniques
	Major	Mapping_Notes
	Minor	None
1119	Excessive Use of Unconditional Branching
	Major	Mapping_Notes
	Minor	None
1121	Excessive McCabe Cyclomatic Complexity
	Major	Mapping_Notes
	Minor	None
1122	Excessive Halstead Complexity
	Major	Mapping_Notes
	Minor	None
1124	Excessively Deep Nesting
	Major	Mapping_Notes
	Minor	None
1125	Excessive Attack Surface
	Major	Mapping_Notes
	Minor	None
1164	Irrelevant Code
	Major	Demonstrative_Examples
	Minor	None
1177	Use of Prohibited Code
	Major	Demonstrative_Examples, Observed_Examples
	Minor	None
1192	Improper Identifier for IP Block used in System-On-Chip (SOC)
	Major	Name
	Minor	None
1198	Privilege Separation and Access Control Issues
	Major	Relationships
	Minor	None
1201	Core and Compute Issues
	Major	Relationships
	Minor	None
1202	Memory and Storage Issues
	Major	Relationships
	Minor	None
1221	Incorrect Register Defaults or Module Parameters
	Major	Demonstrative_Examples
	Minor	None
1234	Hardware Internal or Debug Modes Allow Override of Locks
	Major	Demonstrative_Examples, References
	Minor	None
1239	Improper Zeroization of Hardware Register
	Major	Demonstrative_Examples, References
	Minor	None
1242	Inclusion of Undocumented Features or Chicken Bits
	Major	Taxonomy_Mappings
	Minor	None
1244	Internal Asset Exposed to Unsafe Debug Access Level or State
	Major	Demonstrative_Examples, References
	Minor	None
1255	Comparison Logic is Vulnerable to Power Side-Channel Attacks
	Major	Demonstrative_Examples
	Minor	None
1274	Improper Access Control for Volatile Memory Containing Boot Code
	Major	Detection_Factors
	Minor	None
1298	Hardware Logic Contains Race Conditions
	Major	Demonstrative_Examples, References
	Minor	None
1299	Missing Protection Mechanism for Alternate Hardware Interface
	Major	Demonstrative_Examples
	Minor	None
1302	Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
	Major	Description, Name
	Minor	None
1310	Missing Ability to Patch ROM Code
	Major	Demonstrative_Examples, References
	Minor	None
1317	Improper Access Control in Fabric Bridge
	Major	Demonstrative_Examples, References
	Minor	None
1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
	Major	Demonstrative_Examples
	Minor	None
1329	Reliance on Component That is Not Updateable
	Major	Demonstrative_Examples, References
	Minor	None
1339	Insufficient Precision or Accuracy of a Real Number
	Major	Demonstrative_Examples
	Minor	None
1342	Information Exposure through Microarchitectural State after Transient Execution
	Major	Description
	Minor	None
1390	Weak Authentication
	Major	Observed_Examples
	Minor	None
1391	Use of Weak Credentials
	Major	Observed_Examples, References
	Minor	None
1416	Comprehensive Categorization: Resource Lifecycle Management
	Major	Relationships
	Minor	None

Page Last Updated: February 29, 2024


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration