CWE-1270: Generation of Incorrect Security Tokens
low-risk
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.
Abstraction: Base
Common Consequences
Confidentiality → Modify Files or Directories
Real-World Examples (5)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-30524 | 4.3 | 0.5% | — |
| CVE-2022-31122 | 9.8 | 0.4% | — |
| CVE-2023-2882 | 9.8 | 0.1% | — |
| CVE-2023-22644 | 5.5 | 0.1% | — |
| CVE-2025-59698 | 6.8 | 0.0% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal