CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities

PillarDraft

An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.

View on MITRE
Back to CWE Lookup

Extended Description

When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities?+

CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities is a Common Weakness Enumeration (CWE) entry maintained by MITRE. An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.

What are the security consequences of Improper Interaction Between Multiple Correctly-Behaving Entities?+

If exploited, CWE-435 (Improper Interaction Between Multiple Correctly-Behaving Entities) it can compromise Integrity, leading to outcomes such as Unexpected State and Varies by Context.

Which programming languages are affected by Improper Interaction Between Multiple Correctly-Behaving Entities?+

CWE-435 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Improper Interaction Between Multiple Correctly-Behaving Entities?+

MITRE documents real CVEs mapped to CWE-435, including CVE-2002-0485 and CVE-2003-0411. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-435 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More