CWE-400, also referred to as resource exhaustion, occurs when a system fails to properly manage or limit the use of resources such as CPU, memory, disk space, or network bandwidth. Attackers exploit this weakness to degrade system performance or cause a complete denial of service (DoS).
Improper Authentication occurs when a software application fails to properly verify the identity of a user or system attempting to gain access. This weakness enables unauthorised entities to bypass security measures and gain access to sensitive data or system functionalities.
CWE-77 refers to the improper neutralisation of special elements used in a command. These special elements, when inadequately sanitised, allow attackers to inject malicious commands that the system interprets and executes. This vulnerability commonly appears in applications that dynamically construct system commands based on user inputs.
Software and data integrity failures refer to vulnerabilities that arise when untrusted or unverified components are introduced into software systems. These failures occur when attackers manipulate software or data to exploit weak points, potentially leading to unauthorised control, data breaches, or malicious activities within applications.