CWE-602: Client-Side Enforcement of Server-Side Security
Risk level: low

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
Common Consequences
Detection Methods
Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
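The following is an added example, not part of the CWE entry or any referenced product. It puts the weakness described at the top of this page next to its fix: two request handlers that trust values the client-side code was supposed to enforce (a computed total with a quantity cap, and an `is_admin` form flag whose only "enforcement" was a hidden button), beside hardened versions that recompute or look up the same facts from server-side state. It also shows the kind of check the manual detection method above produces: the same handler is exercised with a request body rewritten the way an intercepting-proxy tester would rewrite it, and only the hardened handlers refuse it. The catalogue, session, prices and request bodies are all constructed for the example.

```python
"""Added example for CWE-602 (not the CWE entry's own code): handlers that
rely on client-side enforcement next to handlers that enforce server-side.
All names, prices and request bodies below are constructed."""
from dataclasses import dataclass, field

# Constructed server-side catalogue (prices in cents) and quantity cap.
CATALOG = {"sku-100": 2500, "sku-200": 900}
MAX_QTY = 10


@dataclass
class Session:
    """Server-side session state established at login."""
    user: str
    role: str                                   # set by the server, never by the request
    cart: dict = field(default_factory=dict)    # sku -> quantity, maintained server-side


class Rejected(Exception):
    """Raised when the server refuses a request."""


def checkout_trusting_client(session: Session, body: dict) -> dict:
    """CWE-602 pattern: the browser code computed the total and enforced the
    quantity cap, so the server simply believes the request body."""
    return {"user": session.user, "charged": body["total"], "items": body["items"]}


def checkout_server_enforced(session: Session, body: dict) -> dict:
    """Hardened: total and cap are recomputed from server-side state; the
    client-supplied 'total' is only compared against it, never trusted."""
    total = 0
    for sku, qty in session.cart.items():
        if sku not in CATALOG:
            raise Rejected(f"unknown sku {sku}")
        if not 1 <= qty <= MAX_QTY:
            raise Rejected(f"quantity {qty} for {sku} exceeds cap {MAX_QTY}")
        total += CATALOG[sku] * qty
    # A mismatch means the client-side check was bypassed or is buggy; either
    # way the request is refused, and the event is worth logging as a signal.
    if "total" in body and body["total"] != total:
        raise Rejected(f"client total {body['total']} != server total {total}")
    return {"user": session.user, "charged": total, "items": dict(session.cart)}


def delete_account_trusting_client(session: Session, body: dict) -> str:
    """CWE-602 pattern for authorization: the UI hid the button from
    non-admins and sends 'is_admin' in the form, so the server uses that flag."""
    if not body.get("is_admin"):
        raise Rejected("not an admin")
    return f"deleted {body['target']}"


def delete_account_server_enforced(session: Session, body: dict) -> str:
    """Hardened: the role is read from the server-side session only."""
    if session.role != "admin":
        raise Rejected("not an admin")
    return f"deleted {body['target']}"


def tampered_requests() -> dict:
    """Constructed request bodies as a tester using an intercepting proxy (the
    manual technique in Detection Methods) would rewrite them before replay."""
    return {
        "checkout": {"items": {"sku-100": 50}, "total": 1},
        "delete": {"target": "alice", "is_admin": True},
    }


def exercise(handler, session: Session, body: dict):
    """Run one handler; return ('accepted', result) or ('rejected', reason)."""
    try:
        return ("accepted", handler(session, body))
    except Rejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    shopper = Session(user="bob", role="user", cart={"sku-100": 2})
    reqs = tampered_requests()
    for name, handler in [("trusting", checkout_trusting_client),
                          ("enforced", checkout_server_enforced)]:
        print("checkout", name, exercise(handler, shopper, reqs["checkout"]))
    for name, handler in [("trusting", delete_account_trusting_client),
                          ("enforced", delete_account_server_enforced)]:
        print("delete", name, exercise(handler, shopper, reqs["delete"]))
```

The design point is that the hardened handlers never read a security-relevant fact (price, quantity, role) from the request when the server already holds it; the client's copy is at most compared, and a divergence is treated as a rejection plus a log-worthy event rather than silently corrected. A replay of the tampered bodies against each handler pair makes a useful regression test for this weakness in an existing code base.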
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-23666 | 7.5 | 10.3% | — |
| CVE-2020-8162 | 7.5 | 1.5% | — |
| CVE-2024-31491 | 8.8 | 1.1% | — |
| CVE-2023-0581 | 5.3 | 0.9% | — |
| CVE-2025-33025 | 9.9 | 0.9% | — |
| CVE-2025-33024 | 9.9 | 0.9% | — |
| CVE-2025-32469 | 9.9 | 0.9% | — |
| CVE-2023-42787 | 6.5 | 0.8% | — |
| CVE-2024-32521 | 5.3 | 0.7% | — |
| CVE-2024-44106 | 8.8 | 0.7% | — |