CWE-287 – Improper Authentication
Description When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. Modes of...
CWE-286 – Incorrect User Management
Description The software does not properly manage a user within its environment. Users can be assigned to the wrong group (class) of permissions resulting in...
CWE-285 – Improper Authorization
Description The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. An...
CWE-284 – Improper Access Control
Description The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Modes of Introduction: - Architecture and Design ...
CWE-283 – Unverified Ownership
Description The software does not properly verify that a critical resource is owned by the proper entity. Modes of Introduction: - Architecture and Design ...
CWE-282 – Improper Ownership Management
Description The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. Modes of Introduction: - Architecture and...
CWE-281 – Improper Preservation of Permissions
Description The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive...
CWE-280 – Improper Handling of Insufficient Permissions or Privileges
Description The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This...
CWE-28 – Path Traversal: ‘..\filedir’
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences...
CWE-279 – Incorrect Execution-Assigned Permissions
Description While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified...