CWE-638 – Not Using Complete Mediation | Common Weakness Enumeration (CWE)

Overview

CWE-638 (Not Using Complete Mediation) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2024-56512	2024-12-28	Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process G…

Previous names

Design Principle Violation: Not Using Complete Mediation (2009-01-12)
Failure to Use Complete Mediation (2010-12-13)

Content submission

Name: Pascal Meunier
Organization: Purdue University
Date: 2008-01-18
Version: Draft 8

Content modifications

Date	Name	Version	Importance	Comment
2008-07-01	Eric Dalci	1.0	—	updated Time_of_Introduction
2008-09-08	CWE Content Team	1.0	—	updated Common_Consequences, Relationships, Observed_Example, Weakness_Ordinalities
2009-01-12	CWE Content Team	1.2	—	updated Description, Name
2009-05-27	CWE Content Team	1.4	—	updated Related_Attack_Patterns
2010-12-13	CWE Content Team	1.11	—	updated Name
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences, Relationships
2012-05-11	CWE Content Team	2.2	—	updated Relationships
2012-10-30	CWE Content Team	2.3	—	updated Potential_Mitigations
2014-07-30	CWE Content Team	2.8	—	updated Relationships, Taxonomy_Mappings
2017-11-08	CWE Content Team	3.0	—	updated Applicable_Platforms, Causal_Nature
2020-02-24	CWE Content Team	4.0	—	updated Relationships
2022-10-13	CWE Content Team	4.9	—	updated References
2023-01-31	CWE Content Team	4.10	—	updated Description, Relationships
2023-04-27	CWE Content Team	4.11	—	updated References, Relationships, Time_of_Introduction
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2023-10-26	CWE Content Team	4.13	—	updated Demonstrative_Examples