| Nature | Type | ID | Name |
|---|---|---|---|
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 16 | Configuration |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 20 | Improper Input Validation |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 59 | Improper Link Resolution Before File Access ('Link Following') |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 134 | Use of Externally-Controlled Format String |
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 189 | Numeric Errors |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 200 | Exposure of Sensitive Information to an Unauthorized Actor |
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 255 | Credentials Management Errors |
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 264 | Permissions, Privileges, and Access Controls |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 287 | Improper Authentication |
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 310 | Cryptographic Issues |
| HasMember | CompositeComposite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 399 | Resource Management Errors |
Usage: PROHIBITED
Reason: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.Comments:
Use this View or other Views to search and navigate for the appropriate weakness.Maintenance
In Summer 2007, NIST began using this set of CWE elements to classify CVE entries within the National Vulnerability Database (NVD). The data was made publicly available beginning in 2008. In 2016, NIST began using a different list as derived from the "Weaknesses for Simplified Mapping of Published Vulnerabilities" view (CWE-1003).
| CWEs in this view | Total CWEs | ||
|---|---|---|---|
| Weaknesses | 13 | out of | 944 |
| Categories | 6 | out of | 375 |
| Views | 0 | out of | 52 |
| Total | 19 | out of | 1371 |
| Submissions | |||
|---|---|---|---|
| Submission Date | Submitter | Organization | |
|
2007年10月01日
(CWE Draft 7, 2007年10月01日) |
CWE Content Team | MITRE | |
| Modifications | |||
| Modification Date | Modifier | Organization | |
| 2008年09月08日 | CWE Content Team | MITRE | |
| updated Maintenance_Notes, Relationships, References, View_Structure | |||
| 2017年01月19日 | CWE Content Team | MITRE | |
| updated Description, Maintenance_Notes | |||
| 2017年11月08日 | CWE Content Team | MITRE | |
| updated Description, Maintenance_Notes, Name | |||
| 2021年03月15日 | CWE Content Team | MITRE | |
| updated Maintenance_Notes | |||
| 2023年06月29日 | CWE Content Team | MITRE | |
| updated Mapping_Notes | |||
|
2025年09月09日
(CWE 4.18, 2025年09月09日) |
CWE Content Team | MITRE | |
| updated References | |||
| Previous Entry Names | |||
| Change Date | Previous Entry Name | ||
| 2017年11月08日 | Weaknesses Used by NVD | ||
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.