CWE-284

GPTKB entity

Statements (24)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:category Security Weakness
gptkbp:describes The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
gptkbp:example Missing authentication for critical function
gptkbp:example Unrestricted file upload
gptkbp:externalLink https://cwe.mitre.org/data/definitions/284.html
gptkbp:foundIn APIs
gptkbp:foundIn Web applications
gptkbp:foundIn Operating systems
https://www.w3.org/2000/01/rdf-schema#label CWE-284
gptkbp:impact Unauthorized access
gptkbp:impact Privilege escalation
gptkbp:impact Data leakage
gptkbp:mitigatedBy Implement proper access control checks
gptkbp:mitigatedBy Use least privilege principle
gptkbp:mitigatedBy Validate user permissions before granting access
gptkbp:name Improper Access Control
gptkbp:partOf gptkb:CWE
gptkbp:relatedTo gptkb:CWE-862
gptkbp:relatedTo gptkb:CWE-863
gptkbp:relatedTo CWE-285
gptkbp:vulnerableTo 284
gptkbp:bfsParent gptkb:Broken_Access_Control
gptkbp:bfsLayer 6