CWE - CWE-635: Weaknesses Originally Used by NVD from 2008 to 2016 (4.19.1)
Home > CWE List > CWE- Individual Dictionary Definition (4.19.1)  
ID
  • Home
  • Who We Are User Stories History Documents Videos
  • Basics
    Root Cause Mapping   ►
    Guidance Quick Tips Examples
    How to Contribute Weakness Content FAQs Glossary
  • Top-N Lists   ►
    Top 25 Software Top Hardware Top 10 KEV Weaknesses
    CWE List   ►
    Current Version Reports Visualizations Releases Archive
    Downloads REST API
  • News   ►
    Current News Blog Podcast News Archive
    CWE Board Working Groups & Special Interest Groups Email Lists
  • Search CWE List Search Website

    CWE VIEW: Weaknesses Originally Used by NVD from 2008 to 2016

    View ID: 635
    Vulnerability Mapping: PROHIBITED This CWE ID must not be used to map to real-world vulnerabilities
    Type: Explicit
    Downloads: Booklet | CSV | XML
    + Objective
    CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.
    + Membership
    Nature Type ID Name
    HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 16 Configuration
    HasMember ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. 20 Improper Input Validation
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 59 Improper Link Resolution Before File Access ('Link Following')
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 94 Improper Control of Generation of Code ('Code Injection')
    HasMember ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 134 Use of Externally-Controlled Format String
    HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 189 Numeric Errors
    HasMember ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. 200 Exposure of Sensitive Information to an Unauthorized Actor
    HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 255 Credentials Management Errors
    HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 264 Permissions, Privileges, and Access Controls
    HasMember ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. 287 Improper Authentication
    HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 310 Cryptographic Issues
    HasMember CompositeComposite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. 352 Cross-Site Request Forgery (CSRF)
    HasMember ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 399 Resource Management Errors
    + Vulnerability Mapping Notes

    Usage: PROHIBITED

    (this CWE ID must not be used to map to real-world vulnerabilities)

    Reason: View

    Rationale:

    This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

    Comments:

    Use this View or other Views to search and navigate for the appropriate weakness.
    + Notes

    Maintenance

    In Summer 2007, NIST began using this set of CWE elements to classify CVE entries within the National Vulnerability Database (NVD). The data was made publicly available beginning in 2008. In 2016, NIST began using a different list as derived from the "Weaknesses for Simplified Mapping of Published Vulnerabilities" view (CWE-1003).

    + References
    [REF-1] NIST. "CWE - Common Weakness Enumeration". <https://nvd.nist.gov/vuln/categories>. URL validated: 2025-07-25.
    + View Metrics
    CWEs in this view Total CWEs
    Weaknesses 13 out of 944
    Categories 6 out of 385
    Views 0 out of 54
    Total 19 out of 1383
    + Content History
    + Submissions
    Submission Date Submitter Organization
    2007-10-01
    (CWE Draft 7, 2007-10-01)     		CWE Content Team MITRE
    + Modifications
    Modification Date Modifier Organization
    2008-09-08 CWE Content Team MITRE
    updated Maintenance_Notes, Relationships, References, View_Structure
    2017-01-19 CWE Content Team MITRE
    updated Description, Maintenance_Notes
    2017-11-08 CWE Content Team MITRE
    updated Description, Maintenance_Notes, Name
    2021-03-15 CWE Content Team MITRE
    updated Maintenance_Notes
    2023-06-29 CWE Content Team MITRE
    updated Mapping_Notes
    2025-09-09
    (CWE 4.18, 2025-09-09)     		CWE Content Team MITRE
    updated References
    + Previous Entry Names
    Change Date Previous Entry Name
    2017-11-08 Weaknesses Used by NVD
    Page Last Updated: January 21, 2026