CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist.

UI misrepresentation can take many forms:

Incorrect indicator
Overlay
Icon manipulation
Timing
Visual truncation:
Visual distinction
Homographs

The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-451

Spoofing attack in Microsoft Exchange Server 2024-11-12
Medium Yes

TCP spoofing attack in F5 Traffix SDC Linux kernel 2024-11-12
Medium No

TCP spoofing attack in F5OS Linux kernel 2024-11-12
Medium No

TCP spoofing attack in F5 BIG-IQ Centralized Management Linux kernel 2024-11-12
Medium No

TCP spoofing attack in F5 BIG-IP Linux kernel 2024-11-12
Medium No

Multiple vulnerabilities in IBM Observability with Instana 2024-11-05
High Yes

IBM MQ Appliance update for Linux Kernel 2024-10-30
Medium Yes

Remote code execution in Mozilla Thunderbird 2024-10-29
High Yes

Multiple vulnerabilities in Mozilla Thunderbird 128 2024-10-29
High Yes

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR 2024-10-29
High Yes

References

Description of CWE-451 on Mitre website