logo

CWE-1097 - Persistent Storable Data Element without Associated Comparison Control Element

CWE-1097

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Persistent Storable Data Element without Associated Comparison Control Element

Description

The product uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison.

For example, with Java, a class that is made persistent requires both hashCode() and equals() methods to be defined. This issue can prevent the product from running reliably, due to incorrect or unexpected comparison results. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

Common Consequences

Scope: Other

Impact: Reduce Reliability

Related Weaknesses

CWE-1076Insufficient Adherence to Expected Conventions

CWE-595Comparison of Object References Instead of Object Contents

  • Release Date:
  • 2019-01-03
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website