CWE-2: CWE CATEGORY: 7PK - Environment

ClassStable

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. According to the authors of the Seven Pernicious Kingdoms, "This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms."

View on MITRE

Back to CWE Lookup

Technical Details

Structure: Simple
Vulnerability Mapping: PROHIBITED

Applicable To

Languages

Platforms

Frequently Asked Questions

What is CWE-2: CWE CATEGORY: 7PK - Environment?+

CWE-2: CWE CATEGORY: 7PK - Environment is a Common Weakness Enumeration (CWE) entry maintained by MITRE. This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. According to the authors of the Seven Pernicious Kingdoms, "This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms."

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-2 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.