CWE-203 - Observable discrepancy

Description

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product's operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.

Latest vulnerabilities for CWE-203

Marvin attack in Linux kernel 2024-04-25
Medium Yes

Multiple vulnerabilities in IBM Power Hardware Management Console (HMC) 2024-04-18
Medium Yes

Multiple vulnerabilities in IBM PowerVM Novalink 2024-04-18
Medium Yes

Multiple vulnerabilities in Oracle Linux 2024-04-17
High Yes

Multiple vulnerabilities in Juniper Networks Junos cRPD 2024-04-15
High Yes

Multiple vulnerabilities in Juniper Cloud Native Router 2024-04-15
High Yes

Multiple vulnerabilities in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 2024-04-15
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-12
High Yes

Multiple vulnerabilities in IBM QRadar Suite Software 2024-04-11
High Yes

Observable discrepancy in IBM Process Mining 2024-04-09
Medium Yes

References

Description of CWE-203 on Mitre website