Cyber Resilience

CWE · MITRE source

CWE-204Observable Response Discrepancy

Abstraction: Base · CVEs in our corpus: 161

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 13 mapping(s) from 3 framework(s): ATT&CK 8 (mostly) · CAPEC 4 (partial) · ASVS 5.0 1 (partial)

See the full cumulative-coverage rollup →

NIST 800-53 r5 controls that address this weakness (2)AI

Control Title Family Why it addresses this CWE
SC-30Concealment and MisdirectionSCFake or randomized responses remove distinguishable success/failure signals attackers rely on.
SI-11Error HandlingSIEliminates distinguishable response discrepancies in error conditions that could be exploited for reconnaissance.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2018-25350 UPD7.09.80.00432026-05-23
CVE-2022-416976.05.30.20202022-12-22
CVE-2021-345805.57.50.01002021-10-27
CVE-2021-200495.57.50.01352021-12-23
CVE-2025-5485 UPD5.58.60.00392025-06-12
CVE-2025-3092 UPD5.57.50.00412025-06-24
CVE-2025-46390 UPD5.57.50.00292025-08-06
CVE-2025-124555.57.50.00302026-03-13
CVE-2026-334195.57.50.00392026-03-24
CVE-2026-41135.57.20.00362026-04-09
CVE-2016-94993.55.30.07772018-07-13
CVE-2020-110633.53.70.01192020-05-13
CVE-2021-391893.55.30.01242021-09-15
CVE-2021-384763.56.50.00742021-10-19
CVE-2022-05643.55.30.01362022-02-21
CVE-2022-312483.55.30.00962022-06-22
CVE-2022-19893.55.30.00722022-08-23
CVE-2022-225203.55.30.00812022-09-14
CVE-2021-362013.54.30.00502022-10-11
CVE-2022-393153.56.50.00592022-10-25
CVE-2019-190303.55.30.01892022-12-26
CVE-2022-392283.55.30.00592023-03-01
CVE-2023-15403.55.30.00642023-03-21
CVE-2023-274643.55.30.00462023-04-11
CVE-2023-234493.55.30.00782023-05-15