CWE-372 - Incomplete Internal State Distinction
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2024-02-29
Weakness Name
Incomplete Internal State Distinction
Description
The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
Common Consequences
Scope: Integrity, Other
Impact: Varies by Context, Unexpected State