CWE-372

Incomplete Internal State Distinction

Base

Draft

Description

The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.

Parent Weaknesses (ChildOf)

CWE-664: Improper Control of a Resource...

Common Consequences

Scope

Integrity

Other

Impact

Varies by Context, Unexpected State

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-372

Incomplete Internal State Distinction

Description

Relationships

Common Consequences

Applicable Platforms