CWE-449 - The UI Performs the Wrong Action

Home/CWEs/CWE info/

CWE-449

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: The UI Performs the Wrong Action

Description: The UI performs the wrong action with respect to the user's request.

Common Consequences: Scope: Other
Impact: Quality Degradation, Varies by Context

Related Weaknesses: CWE-446UI Discrepancy for Security Feature

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Download: CIS Critical Security Controls v8.1

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Common Alerts

HighServer Side Code Injection - ASP Code Injection

LowDeprecated Feature Policy Header Set

InformationalCross Site Scripting (Persistent) - Spider

LowServer Leaks Version Information via "Server" HTTP Response Header Field

MediumWeak Authentication Method

HighCross-Domain Misconfiguration - Adobe - Send

HighNoSQL Injection - MongoDB (Time Based)

MediumSub Resource Integrity Attribute Missing

InformationalSec-Fetch-User Header Has an Invalid Value

HighCross Site Scripting (Reflected)

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Top CWE List

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

HighCWE-805 Buffer Access with Incorrect Length Value

CWE-1072 Data Resource Access without Use of Connection Pooling

CWE-1091 Use of Object without Invoking Destructor Method

CWE-1174 ASP.NET Misconfiguration: Improper Model Validation

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

MediumCWE-190 Integer Overflow or Wraparound

LowCWE-262 Not Using Password Aging

CWE-36 Absolute Path Traversal

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-449 - The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.