CWE · MITRE source
CWE-755: Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (10) [AI]
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| CP-12 | Safe Mode | CP | Supplies a concrete handling action (safe mode) for exceptional conditions, mitigating risks from improper or absent handling that could allow continued attacks. |
| CP-3 | Contingency Training | CP | By preparing users for contingency scenarios, the control promotes proper handling of exceptional conditions instead of default or unsafe behaviors. |
| CP-5 | Contingency Plan Update | CP | An updated contingency plan defines current actions for exceptional conditions, reducing the window for attackers to exploit improper handling leading to system failure. |
| IR-1 | Policy and Procedures | IR | Procedures ensure proper handling of exceptional conditions to support effective incident response. |
| IR-3 | Incident Response Testing | IR | Incident response testing confirms proper handling of exceptional conditions to limit exploit impact. |
| IR-7 | Incident Response Assistance | IR | Gives users guidance on incident handling, reducing improper handling of exceptional conditions that could stem from exploited weaknesses. |
| SI-13 | Predictable Failure Prevention | SI | Prepared component exchange provides a defined recovery path, making improper handling of failures less exploitable. |
| SI-17 | Fail-safe Procedures | SI | Mandates defined procedures that ensure exceptional conditions are handled in a controlled, secure manner instead of being ignored or mishandled. |
| AU-5 | Response to Audit Logging Process Failures | AU | Provides defined handling (alert and additional actions) for the exceptional condition of audit logging failure. |
| SC-24 | Fail in Known State | SC | Enforces structured response to exceptional conditions so the system cannot remain in an unsafe state. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2017-5638 KEV | 9.6 | 9.8 | 0.9427 | 2017-03-11 |
| CVE-2020-7247 KEV | 9.6 | 9.8 | 0.9411 | 2020-01-29 |
| CVE-2021-38003 KEV | 7.7 | 8.8 | 0.6571 | 2021-11-23 |
| CVE-2019-14287 | 6.9 | 8.8 | 0.8581 | 2019-10-17 |
| CVE-2018-0934 | 6.6 | 7.5 | 0.8529 | 2018-03-14 |
| CVE-2019-12815 | 6.6 | 9.8 | 0.7690 | 2019-07-19 |
| CVE-2018-0155 KEV | 4.6 | 8.6 | 0.1450 | 2018-03-28 |
| CVE-2024-29748 KEV | 3.6 | 7.8 | 0.0041 | 2024-04-05 |
| CVE-2022-36923 | 3.5 | 7.5 | 0.3250 | 2022-08-10 |
| CVE-2022-23121 | 3.2 | 9.8 | 0.2081 | 2023-03-28 |
| CVE-2024-34750 | 2.8 | 7.5 | 0.2154 | 2024-07-03 |
| CVE-2023-36933 | 2.4 | 7.5 | 0.1449 | 2023-07-05 |
| CVE-2019-10742 | 2.3 | 7.5 | 0.1309 | 2019-05-07 |
| CVE-2018-7849 | 2.3 | 7.5 | 0.1292 | 2019-05-22 |
| CVE-2018-7852 | 2.3 | 7.5 | 0.1292 | 2019-05-22 |
| CVE-2019-14431 | 2.3 | 9.8 | 0.0550 | 2019-07-29 |
| CVE-2021-43272 | 2.3 | 9.8 | 0.0520 | 2021-11-14 |
| CVE-2019-14378 | 2.2 | 8.8 | 0.0658 | 2019-07-29 |
| CVE-2019-17195 | 2.2 | 9.8 | 0.0427 | 2019-10-15 |
| CVE-2021-28165 | 2.2 | 7.5 | 0.1199 | 2021-04-01 |
| CVE-2017-5664 | 2.1 | 7.5 | 0.1080 | 2017-06-06 |
| CVE-2021-42142 | 2.1 | 9.8 | 0.0204 | 2024-01-23 |
| CVE-2017-2877 | 2.0 | 9.8 | 0.0047 | 2018-09-19 |
| CVE-2018-19991 | 2.0 | 9.8 | 0.0048 | 2018-12-10 |
| CVE-2019-6256 | 2.0 | 9.8 | 0.0056 | 2019-01-14 |