CWE-449 - The UI Performs the Wrong Action

Home/CWEs/CWE info/

CWE-449

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: The UI Performs the Wrong Action

Description: The UI performs the wrong action with respect to the user's request.

Common Consequences: Scope: Other
Impact: Quality Degradation, Varies by Context

Related Weaknesses: CWE-446UI Discrepancy for Security Feature

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Latest Security News

North Korean hackers use new macOS malware against crypto firms

CISA warns of critical Palo Alto Networks bug exploited in attacks

Nokia says hackers leaked third-party app source code

Canada orders TikTok to shut down over national risk concerns

HPE warns of critical RCE flaws in Aruba Networking access points

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A Hacker's Guide to Password Cracking

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

Top Alert List

MediumDirectory Browsing

InformationalInformation Disclosure - Suspicious Comments

LowCookie without SameSite Attribute

MediumMissing Anti-clickjacking Header

LowCross-Domain JavaScript Source File Inclusion

LowInformation Disclosure - Debug Error Messages

Content Security Policy (CSP) Header Not Set

MediumCSP: Wildcard Directive

HighLog4Shell (CVE-2021-45046)

HighXML External Entity Attack

Latest CVE List

CVE-2024-5910 Palo Alto Expedition Missing Authentication Vulnerability

CVE-2024-43093 Android Framework Privilege Escalation Vulnerability

CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability

CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

Top CWE List

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1426 Improper Validation of Generative AI Output

CWE-15 External Control of System or Configuration Setting

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-201 Insertion of Sensitive Information Into Sent Data

MediumCWE-250 Execution with Unnecessary Privileges

CWE-290 Authentication Bypass by Spoofing

CWE-328 Use of Weak Hash

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-449 - The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.