Statements (24)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:category |
Security Weakness
|
| gptkbp:describes |
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
|
| gptkbp:example |
Missing authentication for critical function
Unrestricted file upload |
| gptkbp:externalLink |
https://cwe.mitre.org/data/definitions/284.html
|
| gptkbp:foundIn |
APIs
Web applications Operating systems |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-284
|
| gptkbp:impact |
Unauthorized access
Privilege escalation Data leakage |
| gptkbp:mitigatedBy |
Implement proper access control checks
Use least privilege principle Validate user permissions before granting access |
| gptkbp:name |
Improper Access Control
|
| gptkbp:partOf |
gptkb:CWE
|
| gptkbp:relatedTo |
gptkb:CWE-862
gptkb:CWE-863 CWE-285 |
| gptkbp:vulnerableTo |
284
|
| gptkbp:bfsParent |
gptkb:Broken_Access_Control
|
| gptkbp:bfsLayer |
6
|