CWE-435 (Interaction Error) — Vulnerability Class 3

3 vulnerabilities classified as CWE-435 (Interaction Error). AI Chinese analysis included.

CWE-435 represents a systemic architectural weakness where individually secure components interact to create unexpected vulnerabilities within a larger integrated system. This flaw typically emerges when developers assume that combining well-behaved, independent modules will inherently preserve their security properties, ignoring the emergent behaviors that arise during integration. Attackers exploit this by manipulating the interface or data flow between these components, triggering race conditions, state inconsistencies, or logic errors that were not present in isolation. To mitigate this risk, developers must adopt a holistic security approach that extends beyond individual module validation. This involves rigorous interface testing, comprehensive threat modeling of component interactions, and implementing strict validation and sanitization at integration points. By treating the system as a unified entity rather than a collection of isolated parts, engineers can identify and resolve these complex interaction flaws before deployment.

MITRE CWE Description
An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.
Common Consequences (1)
Integrity: Unexpected State, Varies by Context
Examples (1)
The paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to properly detect certain attacker manipulations that took advantage of these OS differences.
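
The divergence described in the example above, as an added illustration that is not from the cited paper or from MITRE: overlapping segments are one kind of unusual traffic where receivers differ, so the same constructed segments rebuild into different streams under two policies, and a monitor-side check flags the conflicting overlap instead of guessing which policy the protected host uses. The policy names `first` and `last`, the function names and the sample data are assumptions made for this sketch.

```python
# Added illustration; segment offsets and payloads below are constructed.
from typing import Dict, Iterable, List, Tuple

Segment = Tuple[int, bytes]  # (stream offset, payload)


def reassemble(segments: Iterable[Segment], policy: str) -> bytes:
    """Rebuild a byte stream; `policy` decides who wins when segments overlap.

    "first": bytes already received are kept (later overlap is ignored).
    "last":  later bytes overwrite earlier ones.
    """
    if policy not in ("first", "last"):
        raise ValueError(f"unknown policy: {policy}")
    stream: Dict[int, int] = {}
    for offset, payload in segments:
        for i, byte in enumerate(payload):
            pos = offset + i
            if policy == "last" or pos not in stream:
                stream[pos] = byte
    if not stream:
        return b""
    # Gaps (never-received offsets) are rendered as 0x00 so positions line up.
    return bytes(stream.get(p, 0) for p in range(max(stream) + 1))


def conflicting_overlaps(segments: Iterable[Segment]) -> List[int]:
    """Return offsets where two segments carry different bytes.

    Identical retransmissions are normal; differing overlap is the ambiguity
    a monitor cannot resolve without knowing the receiver's policy.
    """
    seen: Dict[int, int] = {}
    conflicts = set()
    for offset, payload in segments:
        for i, byte in enumerate(payload):
            pos = offset + i
            if pos in seen and seen[pos] != byte:
                conflicts.add(pos)
            seen.setdefault(pos, byte)
    return sorted(conflicts)


# Constructed sample: the third segment overlaps offsets 4-7 with new bytes.
SAMPLE: List[Segment] = [(0, b"AAAA"), (4, b"BBBB"), (4, b"CCCC"), (8, b"DDDD")]
# Constructed sample: a byte-identical retransmission, which is benign.
RETRANSMIT: List[Segment] = [(0, b"AAAA"), (4, b"BBBB"), (4, b"BBBB")]
```

Each reassembler is correct on its own; the weakness appears only when a monitor using one policy sits in front of a host using the other, which is why the check reports the conflict rather than picking a side.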

Vulnerabilities classified as CWE-435 (Interaction Error) represent 3 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.