Pillar · Incomplete

CWE-697: Incorrect Comparison

Category: other

Description

The product compares two entities in a security-relevant context, but the comparison is incorrect.

Common consequences · 1

  • Other — Varies by Context
    When the comparison is incorrect, it may lead to resultant weaknesses.

Related CAPEC attack patterns · 29

CAPEC-10, CAPEC-120, CAPEC-14, CAPEC-15, CAPEC-182, CAPEC-24, CAPEC-267, CAPEC-3, CAPEC-41, CAPEC-43, CAPEC-44, CAPEC-45, CAPEC-46, CAPEC-47, CAPEC-52, CAPEC-53, CAPEC-6, CAPEC-64, CAPEC-67, CAPEC-7, CAPEC-71, CAPEC-73, CAPEC-78, CAPEC-79, CAPEC-8, CAPEC-80, CAPEC-88, CAPEC-9, CAPEC-92

References

  1. https://cwe.mitre.org/data/definitions/697.html

Exploits (incoming) · 29

Type | Target | Confidence | Tier
AttackPattern | Blind SQL Injection (capec-7) | 100% | live
AttackPattern | Argument Injection (capec-6) | 100% | live
AttackPattern | Buffer Overflow via Symbolic Links (capec-45) | 100% | live
AttackPattern | Overflow Variables and Tags (capec-46) | 100% | live
AttackPattern | Postfix, Null Terminate, and Backslash (capec-53) | 100% | live
AttackPattern | Using Slashes and URL Encoding Combined to Bypass Validation Logic (capec-64) | 100% | live
AttackPattern | Using Leading 'Ghost' Character Sequences to Bypass Input Filters (capec-3) | 100% | live
AttackPattern | Exploiting Multiple Input Interpretation Layers (capec-43) | 100% | live
AttackPattern | Using Escaped Slashes in Alternate Encoding (capec-78) | 100% | live
AttackPattern | Using Slashes in Alternate Encoding (capec-79) | 100% | live
AttackPattern | Buffer Overflow in an API Call (capec-8) | 100% | live
AttackPattern | Using Unicode Encoding to Bypass Validation Logic (capec-71) | 100% | live
AttackPattern | Leverage Alternate Encoding (capec-267) | 100% | live
AttackPattern | Embedding NULL Bytes (capec-52) | 100% | live
AttackPattern | Client-side Injection-induced Buffer Overflow (capec-14) | 100% | live
AttackPattern | Flash Injection (capec-182) | 100% | live
AttackPattern | Using UTF-8 Encoding to Bypass Validation Logic (capec-80) | 100% | live
AttackPattern | Filter Failure through Buffer Overflow (capec-24) | 100% | live
AttackPattern | Double Encoding (capec-120) | 100% | live
AttackPattern | Buffer Overflow via Environment Variables (capec-10) | 100% | live
AttackPattern | Buffer Overflow via Parameter Expansion (capec-47) | 100% | live
AttackPattern | OS Command Injection (capec-88) | 100% | live
AttackPattern | Overflow Binary Resource File (capec-44) | 100% | live
AttackPattern | User-Controlled Filename (capec-73) | 100% | live
AttackPattern | Using Meta-characters in E-mail Headers to Inject Malicious Payloads (capec-41) | 100% | live
AttackPattern | String Format Overflow in syslog() (capec-67) | 100% | live
AttackPattern | Command Delimiters (capec-15) | 100% | live
AttackPattern | Buffer Overflow in Local Command-Line Utilities (capec-9) | 100% | live
AttackPattern | Forced Integer Overflow (capec-92) | 100% | live

(incoming) · 7

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-27909 (cve-2025-27909) | 0% | live
Vulnerability | CVE-2025-3102 (cve-2025-3102) | 0% | live
Vulnerability | CVE-2025-48952 (cve-2025-48952) | 0% | live
Vulnerability | CVE-2025-54336 (cve-2025-54336) | 0% | live
Vulnerability | CVE-2026-34210 (cve-2026-34210) | 0% | live
Vulnerability | CVE-2026-44196 (cve-2026-44196) | 0% | live
KEVEntry | Unraid Authentication Bypass Vulnerability (kev-cve-2020-5849) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Validation of Unsafe Equivalence in Input
  • CWE: Use of Incorrectly-Resolved Name or Reference
  • CWE: Obscured Security-relevant Information by Alternate Name
  • CWE: Insufficient Verification of Data Authenticity
  • CWE: Misinterpretation of Input
  • CWE: Incorrect Authorization

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.