Statements (25)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:affectedResource |
APIs
Web applications Software systems |
| gptkbp:category |
Authorization
|
| gptkbp:consequence |
Unauthorized access
Privilege escalation Availability violation Confidentiality violation Integrity violation |
| gptkbp:describes |
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
|
| gptkbp:hasCWE |
863
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-863
|
| gptkbp:introducedIn |
CWE 4.0
|
| gptkbp:likelihoodOfExploit |
High
|
| gptkbp:mitigatedBy |
Implement proper authorization checks for all sensitive actions and resources.
|
| gptkbp:name |
Incorrect Authorization
|
| gptkbp:partOf |
gptkb:CWE
|
| gptkbp:relatedTo |
gptkb:CWE-862
CWE-285 |
| gptkbp:status |
Active
|
| gptkbp:weakness |
gptkb:Base
|
| gptkbp:bfsParent |
gptkb:CWE-352
gptkb:Broken_Access_Control |
| gptkbp:bfsLayer |
6
|