CVEbaza.plSłownik CWECWE-449
Common Weakness Enumeration

CWE-449

The UI Performs the Wrong Action

Kategoria: BaseCVE: 14
Opis

Interfejs użytkownika wykonuje inne działanie niż to, którego oczekuje użytkownik na podstawie jego żądania. Prowadzi to do niezamierzonych wyników i potencjalnych zagrożeń bezpieczeństwa.

Description (EN)

The UI performs the wrong action with respect to the user's request.

Podatności CVE z CWE-449 (14)
7.1
CVSS
HIGH
CVE-2023-43585

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.

pub. 2023-12-13
7.1
CVSS
HIGH
CVE-2023-39215

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

pub. 2023-09-12
7.1
CVSS
HIGH
CVE-2023-36535

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

pub. 2023-08-08
5.9
CVSS
MEDIUM
CVE-2023-39209

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.

pub. 2023-08-08
5.4
CVSS
MEDIUM
CVE-2025-26643

The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

pub. 2025-03-07
5.3
CVSS
MEDIUM
CVE-2025-56139

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion.

pub. 2025-09-03
4.9
CVSS
MEDIUM
CVE-2024-24698

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

pub. 2024-02-14
4.3
CVSS
MEDIUM
CVE-2025-13637

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)

pub. 2025-12-02
4.3
CVSS
MEDIUM
CVE-2025-49736

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

pub. 2025-08-12
4.3
CVSS
MEDIUM
CVE-2025-21404

Microsoft Edge (Chromium-based) Spoofing Vulnerability

pub. 2025-02-06
4.3
CVSS
MEDIUM
CVE-2024-49041

Microsoft Edge (Chromium-based) Spoofing Vulnerability

pub. 2024-12-06
4.3
CVSS
MEDIUM
CVE-2024-43577

Microsoft Edge (Chromium-based) Spoofing Vulnerability

pub. 2024-10-18
4.3
CVSS
MEDIUM
CVE-2024-38083

Microsoft Edge (Chromium-based) Spoofing Vulnerability

pub. 2024-06-13
3.5
CVSS
LOW
CVE-2023-43588

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

pub. 2023-11-15
Informacje
ID: CWE-449
Typ: Base
Podatności: 14
MITRE CWE ↗
← Słownik CWE
CWE-449 — Interfejs użytkownika wykonuje nieprawidłowe działanie | Słownik CWE | CVEbaza.pl