CWE-1249: Application-Level Admin Tool with Inconsistent View of Underlying Operating System
CWE Version: 4.18
Date Updated: 2025-09-09
Weakness Description
The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.
Common Consequences
Scope: Access Control
Technical Impact: Varies by Context
Scope: Accountability
Technical Impact: Hide Activities
Scope: Other
Technical Impact: Unexpected State
Potential Mitigations
Phase: Architecture and Design
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | The design might assume that the underlying OS does not change. |
| Implementation | Assumptions about the underlying OS might be hard-coded into the application or otherwise in external data stores in a way that is not updated when the OS's state changes. |
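
The inconsistency described above, shown as a drift check between an admin tool's stored account list and the OS's actual accounts. This is an added example, not part of the CWE entry; the `Account` model, the `parse_passwd` and `reconcile` helpers, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    shell: str

def parse_passwd(text):
    """Parse passwd(5)-format text into {name: Account}, skipping blank,
    comment and malformed lines instead of trusting them."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts[fields[0]] = Account(fields[0], int(fields[2]), fields[6])
    return accounts

def reconcile(tool_model, os_state):
    """Report where the tool's model of the OS differs from the OS itself."""
    tool, actual = set(tool_model), set(os_state)
    return {
        # Exists in the OS but invisible to the admin tool (activity is hidden).
        "unknown_to_tool": sorted(actual - tool),
        # Still listed by the tool but gone from the OS (stale view).
        "missing_from_os": sorted(tool - actual),
        # Present in both, but attributes were changed outside the tool.
        "changed": sorted(n for n in tool & actual if tool_model[n] != os_state[n]),
    }

# Constructed sample: what the tool saved the last time it wrote its own data store.
TOOL_MODEL = {
    "root": Account("root", 0, "/bin/bash"),
    "alice": Account("alice", 1001, "/usr/sbin/nologin"),
    "bob": Account("bob", 1002, "/bin/bash"),
}
# Constructed sample: current OS state after changes made from the command line.
OS_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
svc_backup:x:1003:1003::/home/svc_backup:/bin/sh
broken:line
"""

if __name__ == "__main__":
    for kind, names in reconcile(TOOL_MODEL, parse_passwd(OS_PASSWD)).items():
        print(f"{kind}: {names}")
```

A tool that runs such a comparison on every load, and surfaces the differences instead of silently displaying its stored copy, keeps its view tied to the OS's actual state.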