CVEbaza.plSłownik CWECWE-435
Common Weakness Enumeration

CWE-435

Improper Interaction Between Multiple Correctly-Behaving Entities

Kategoria: PillarCVE: 4
Opis

Błąd interakcji występuje, gdy dwie jednostki zachowują się poprawnie przy niezależnym działaniu, ale po zintegrowaniu jako komponenty w większym systemie lub procesie wprowadzają nieprawidłowe zachowania. Może to prowadzić do powstania słabości bezpieczeństwa wynikających z konfliktów lub niekompatybilności między komponentami.

Description (EN)

An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.

Podatności CVE z CWE-435 (4)
7.7
CVSS
HIGH
CVE-2021-34699

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

pub. 2021-09-23
5.3
CVSS
MEDIUM
CVE-2023-43052

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

pub. 2025-03-07
2.6
CVSS
LOW
CVE-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.

pub. 2020-03-30
Informacje
ID: CWE-435
Typ: Pillar
Podatności: 4
MITRE CWE ↗
← Słownik CWE
CWE-435 — Nieprawidłowa Interakcja Między Wieloma Jednostkami o Poprawnym Zachowaniu | Słownik CWE | CVEbaza.pl