Description
The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed.
This includes environmental variables, configuration files, registry keys, command-line switches or options, or system settings.
Potential Impact
Other
Reduce Maintainability
Other
Increase Analytical Complexity
Related Weaknesses
Frequently Asked Questions
What is CWE-1112?
CWE-1112 (Incomplete Documentation of Program Execution) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed.
How can CWE-1112 be exploited?
Attackers can exploit CWE-1112 (Incomplete Documentation of Program Execution) to reduce maintainability. This weakness is typically introduced during the Documentation phase of software development.
How do I prevent CWE-1112?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1112?
CWE-1112 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.