Base · Draft

CWE-372: Incomplete Internal State Distinction

Category: other

Description

The product does not properly determine which state it is in, so it assumes it is in state X when it is in fact in state Y and, as a result, performs incorrect operations in a security-relevant manner.

Common consequences · 1

  • Integrity / Other — Varies by Context, Unexpected State

Related CAPEC attack patterns · 2

CAPEC-140, CAPEC-74

References

  1. https://cwe.mitre.org/data/definitions/372.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Bypassing of Intermediate Forms in Multiple-Form Sets (capec-140) | 100% | live
AttackPattern | Manipulating State (capec-74) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Misinterpretation of Input
  • CWE: Improperly Implemented Security Check for Standard
  • CWE: Reliance on Untrusted Inputs in a Security Decision
  • CWE: Incorrect Synchronization
  • CWE: Observable Response Discrepancy
  • CWE: Observable Discrepancy

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.