| Accessing Functionality Not Properly Constrained by ACLs |
|
CWE-276
|
Incorrect Default Permissions
|
|
CWE-285
|
Improper Authorization
|
|
CWE-434
|
Unrestricted Upload of File with Dangerous Type
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
CWE-1193
|
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
|
|
CWE-1220
|
Insufficient Granularity of Access Control
|
|
CWE-1297
|
Unprotected Confidential Information on Device is Accessible by OSAT Vendors
|
|
CWE-1311
|
Improper Translation of Security Attributes by Fabric Bridge
|
|
CWE-1314
|
Missing Write Protection for Parametric Data Values
|
|
CWE-1315
|
Improper Setting of Bus Controlling Capability in Fabric End-point
|
|
CWE-1318
|
Missing Support for Security Features in On-chip Fabrics or Buses
|
|
CWE-1320
|
Improper Protection for Out of Bounds Signal Level Alerts
|
|
CWE-1321
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
|
CWE-1327
|
Binding to an Unrestricted IP Address
|
|
| Privilege Abuse |
|
CWE-269
|
Improper Privilege Management
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
CWE-1317
|
Missing Security Checks in Fabric Bridge
|
|
| Directory Indexing |
|
CWE-276
|
Incorrect Default Permissions
|
|
CWE-285
|
Improper Authorization
|
|
CWE-288
|
Authentication Bypass Using an Alternate Path or Channel
|
|
CWE-424
|
Improper Protection of Alternate Path
|
|
CWE-425
|
Direct Request ('Forced Browsing')
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Using Malicious Files |
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-270
|
Privilege Context Switching Error
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-282
|
Improper Ownership Management
|
|
CWE-285
|
Improper Authorization
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Exploiting Incorrectly Configured Access Control Security Levels |
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
CWE-1190
|
DMA Device Enabled Too Early in Boot Phase
|
|
CWE-1193
|
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
|
|
CWE-1220
|
Insufficient Granularity of Access Control
|
|
CWE-1268
|
Policy Privileges are not Assigned Consistently Between Control and Data Agents
|
|
CWE-1280
|
Access Control Check Implemented After Asset is Accessed
|
|
CWE-1297
|
Unprotected Confidential Information on Device is Accessible by OSAT Vendors
|
|
CWE-1311
|
Improper Translation of Security Attributes by Fabric Bridge
|
|
CWE-1315
|
Improper Setting of Bus Controlling Capability in Fabric End-point
|
|
CWE-1318
|
Missing Support for Security Features in On-chip Fabrics or Buses
|
|
CWE-1320
|
Improper Protection for Out of Bounds Signal Level Alerts
|
|
CWE-1321
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
|
| Signing Malicious Code |
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Hijacking a privileged process |
|
CWE-648
|
Incorrect Use of Privileged APIs
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Reusing Session IDs (aka Session Replay) |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Session Fixation |
|
CWE-384
|
Session Fixation
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Cross Site Request Forgery |
|
CWE-306
|
Missing Authentication for Critical Function
|
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
CWE-1275
|
Sensitive Cookie with Improper SameSite Attribute
|
|
| Replace Binaries |
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|