Category: SFP Secondary Cluster: Security
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Security cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-356 | Product UI does not Warn User of Unsafe Actions | This vulnerability occurs when a software interface fails to alert users before they perform a risky action. Without clear warnings, users can be more easily misled into taking steps that harm their system or data. |
| CWE-357 | Insufficient UI Warning of Dangerous Operations | This vulnerability occurs when a software application does present a warning to a user before a risky action, but the warning is designed or placed in a way that makes it too easy to miss, ignore, or accidentally dismiss. |
| CWE-446 | UI Discrepancy for Security Feature | This vulnerability occurs when a user interface incorrectly displays a security feature as active or properly configured, misleading users into believing they are protected when they are not. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.