CWE-203: Observable Discrepancy
low-risk
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Abstraction: Base
Common Consequences
Confidentiality → Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2017-5753 | 5.6 | 94.3% | — |
| CVE-2017-5715 | 5.6 | 89.1% | — |
| CVE-2017-5715 | 5.6 | 89.1% | — |
| CVE-2017-1000385 | 5.9 | 83.9% | — |
| CVE-2023-28770 | 7.5 | 83.7% | — |
| CVE-2017-13099 | 7.5 | 78.7% | — |
| CVE-2017-13099 | 7.5 | 78.7% | — |
| CVE-2017-6168 | 7.4 | 75.9% | — |
| CVE-2017-17427 | 5.9 | 70.5% | — |
| CVE-2017-12373 | 5.9 | 66.9% | — |
5 / 100 · low-risk
Active Threat: 5/50 · Minimal
Exploit Availability: 0/50 · Minimal