Statements (25)
Predicate | Object |
---|---|
gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
gptkbp:affectedResource |
APIs
Web applications Software systems |
gptkbp:category |
Authorization
|
gptkbp:consequence |
Unauthorized access
Privilege escalation Availability violation Confidentiality violation Integrity violation |
gptkbp:describes |
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
|
gptkbp:hasCWE |
863
|
https://www.w3.org/2000/01/rdf-schema#label |
CWE-863
|
gptkbp:introducedIn |
CWE 4.0
|
gptkbp:likelihoodOfExploit |
High
|
gptkbp:mitigatedBy |
Implement proper authorization checks for all sensitive actions and resources.
|
gptkbp:name |
Incorrect Authorization
|
gptkbp:partOf |
gptkb:CWE
|
gptkbp:relatedTo |
gptkb:CWE-862
CWE-285 |
gptkbp:status |
Active
|
gptkbp:weakness |
gptkb:Base
|
gptkbp:bfsParent |
gptkb:CWE-352
gptkb:Broken_Access_Control |
gptkbp:bfsLayer |
6
|