CWE-1249 Detalhe

CWE-1249

Application-Level Admin Tool with Inconsistent View of Underlying Operating System
Incomplete
2020-02-24
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Gerenciar notificações

Nome: Application-Level Admin Tool with Inconsistent View of Underlying Operating System

The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.

Informações Gerais

Modos de Introdução

Architecture and Design : The design might assume that the underlying OS does not change.
Implementation : Assumptions about the underlying OS might be hard-coded into the application or otherwise in external data stores in a way that is not updated when the OS's state changes.

Plataformas Aplicáveis

Linguagem

Class: Not Language-Specific (Undetermined)

Sistemas Operacionais

Class: Not OS-Specific (Undetermined)

Tecnologias

Class: Web Based (Undetermined)

Consequências Comuns

Escopo Impacto Probabilidade
Access ControlVaries by Context
AccountabilityHide Activities
OtherUnexpected State

Mitigações Potenciais

Phases : Architecture and Design

Notas de Mapeamento de Vulnerabilidade

Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Referências

REF-1070

Ghost in the Shell Weakness
Tony Martin.
https://friendsglobal.com/ghost-in-the-shell/ghost-in-the-shell-weakness/

Submissão

Nome Organização Data Data de lançamento Version
Tony Martin 2019-06-06 +00:00 2020-02-24 +00:00 4.0

Modificações

Nome Organização Data Comentário
CWE Content Team MITRE 2020-06-25 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.