Base · Incomplete

CWE-1249: Application-Level Admin Tool with Inconsistent View of Underlying Operating System

Category: other

Description

The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.

Common consequences · 3

  • Access Control — Varies by Context
  • Accountability — Hide Activities
  • Other — Unexpected State

Potential mitigations · 1

  • [Architecture and Design]

References

  1. https://cwe.mitre.org/data/definitions/1249.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE — Insufficient Granularity of Access Control
  • CWE — Reliance on Insufficiently Trustworthy Component
  • CWE — Improper Privilege Management
  • CWE — Use of Unmaintained Third Party Components
  • CWE — Improper Preservation of Consistency Between Independent Representations of Shared State

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.