CWE-269 (Improper Privilege Management)

GPTKB entity

Statements (21)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:category Security Weakness
gptkbp:cause Unauthorized access
gptkbp:cause Privilege escalation
gptkbp:cause Security bypass
gptkbp:citation https://cwe.mitre.org/data/definitions/269.html
gptkbp:describes A weakness where software does not properly assign, manage, or check privileges for users or processes.
gptkbp:foundIn gptkb:software
gptkbp:foundIn Web applications
gptkbp:foundIn Operating systems
https://www.w3.org/2000/01/rdf-schema#label CWE-269 (Improper Privilege Management)
gptkbp:mitigatedBy Enforce least privilege principle
gptkbp:mitigatedBy Use role-based access control
gptkbp:mitigatedBy Validate privilege assignments
gptkbp:name Improper Privilege Management
gptkbp:part_of CWE Top 25 (various years)
gptkbp:related_CWE CWE-266 (Incorrect Privilege Assignment)
gptkbp:related_CWE CWE-272 (Least Privilege Violation)
gptkbp:vulnerableTo gptkb:CWE-269
gptkbp:bfsParent gptkb:Common_Weakness_Enumeration_(CWE)
gptkbp:bfsLayer 7