Read Time:23 Second

Description

The product does not properly prevent a person’s private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-200

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Requirements

Description: 

Phase: Architecture and Design

Description: 

CVE References