CWE · MITRE source
CWE-390: Detection of Error Condition Without Action
The product detects a specific error, but takes no actions to handle the error.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (10) · AI
The 9 most specific controls are listed first. Generic controls that address many weakness types are listed after them.
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| IR-1 | Policy and Procedures | IR | Procedures require detection of error/incident conditions followed by defined response actions. |
| IR-3 | Incident Response Testing | IR | IR testing verifies that detected error conditions trigger appropriate response actions rather than being ignored. |
| IR-4 | Incident Handling | IR | The containment, eradication, and recovery steps ensure detected incidents trigger concrete actions rather than no response. |
| PM-31 | Continuous Monitoring Strategy | PM | Requires response actions to analysis of monitoring data, directly preventing detection of error conditions without follow-up action. |
| PM-6 | Measures of Performance | PM | Reporting on security performance measures requires confirming that detected error conditions trigger appropriate actions rather than being ignored. |
| AU-5 | Response to Audit Logging Process Failures | AU | Requires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting. |
| CA-7 | Continuous Monitoring | CA | The control mandates response actions to address results from monitoring and assessments, preventing detection of error conditions without subsequent corrective action. |
| SC-24 | Fail in Known State | SC | Ensures that detected error conditions trigger an explicit action to reach the known failure state. |
| SI-17 | Fail-safe Procedures | SI | Ensures that detected error conditions trigger the specified safe procedures instead of being observed without corrective action. |
1 more broadly-applicable control:
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| IR-7 | Incident Response Assistance | IR | Provides assistance for handling incidents, ensuring detected error conditions lead to appropriate user actions rather than inaction. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-30255 | 6.4 | 5.3 | 0.8881 | 2024-04-04 |
| CVE-2025-26465 | 5.8 | 6.8 | 0.7360 | 2025-02-18 |
| CVE-2024-27919 | 2.9 | 7.5 | 0.2388 | 2024-04-04 |
| CVE-2021-40391 | 2.0 | 9.8 | 0.0047 | 2021-11-19 |
| CVE-2019-5051 | 1.9 | 8.8 | 0.0156 | 2019-07-03 |
| CVE-2024-49841 | 1.6 | 7.8 | 0.0007 | 2025-05-06 |
| CVE-2025-46367 | 1.6 | 7.8 | 0.0002 | 2025-11-13 |
| CVE-2024-11942 | 1.3 | 5.9 | 0.0156 | 2024-12-05 |
| CVE-2024-12086 | 1.3 | 6.1 | 0.0091 | 2025-01-14 |
| CVE-2025-25204 | 1.3 | 6.3 | 0.0021 | 2025-02-14 |
| CVE-2025-27039 | 1.3 | 6.6 | 0.0002 | 2025-10-09 |
| CVE-2017-7485 | 1.2 | 5.9 | 0.0093 | 2017-05-12 |
| CVE-2024-20316 | 1.2 | 5.8 | 0.0026 | 2024-03-27 |
| CVE-2025-0029 | 0.0 | 0.0 | 0.0002 | 2026-02-10 |