CWE-446 |
The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. |
CWE-447 |
A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented. |
CWE-448 |
A UI function is obsolete and the product does not warn the user. |
CWE-449 |
The UI performs the wrong action with respect to the user's request. |
CWE-45 |
A software system that accepts path input containing multiple internal dots ('file...dir') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
CWE-450 |
The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation. |
CWE-487 |
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice. |
CWE-451 |
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
CWE-453 |
The software, by default, initializes an internal variable with an insecure or less secure value than is possible. |
CWE-454 |
The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors. |