CWE-697 - Incorrect Comparison
- Abstraction:Pillar
- Structure:Simple
- Status:Incomplete
- Release Date:2008-09-09
- Latest Modification Date:2023-06-29
Weakness Name
Incorrect Comparison
Description
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
This Pillar covers several possibilities:
Common Consequences
Scope: Other
Impact: Varies by Context
Microsoft fixes printing issues caused by January Windows updates
RedCurl cyberspies create ransomware to encrypt Hyper-V servers
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
Microsoft: Recent Windows updates cause Remote Desktop issues
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
Windows 11 update breaks Veeam recovery, causes connection errors
Google fixes Chrome zero-day exploited in espionage campaign
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives