Category: SFP Primary Cluster: Privilege
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Privilege cluster (SFP36).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-250 | Execution with Unnecessary Privileges | This vulnerability occurs when software runs with higher permissions than it actually needs to perform its tasks. This excessive privilege creates security risks by opening doors to new attacks or making existing weaknesses more dangerous. |
| CWE-266 | Incorrect Privilege Assignment | This vulnerability occurs when a system mistakenly grants a user, process, or entity a specific permission or privilege they should not have. This error creates an unintended level of access, allowing the actor to perform actions beyond their intended authority. |
| CWE-267 | Privilege Defined With Unsafe Actions | This vulnerability occurs when a system grants a user, role, or process a specific permission that can be misused to perform dangerous, unintended actions. The permission itself is correctly assigned, but its scope is too broad or allows for unsafe operations. |
| CWE-268 | Privilege Chaining | Privilege chaining occurs when an attacker combines two separate permissions or capabilities, neither of which is dangerous on its own, to perform a harmful action that neither permission should individually allow. |
| CWE-269 | Improper Privilege Management | This vulnerability occurs when an application fails to correctly manage user permissions, allowing someone to perform actions or access data beyond their intended authority. |
| CWE-270 | Privilege Context Switching Error | This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions. |
| CWE-271 | Privilege Dropping / Lowering Errors | This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component. |
| CWE-272 | Least Privilege Violation | This vulnerability occurs when software fails to reduce its elevated system privileges after completing a sensitive operation, leaving it with unnecessary and dangerous access rights. |
| CWE-274 | Improper Handling of Insufficient Privileges | This vulnerability occurs when an application fails to properly manage situations where it lacks the necessary permissions to execute an action. This flawed handling can lead to crashes, data corruption, or unintended security bypasses. |
| CWE-520 | .NET Misconfiguration: Use of Impersonation | This vulnerability occurs when a .NET application is configured to run with impersonation, potentially granting it excessive system-level permissions that attackers could exploit. |
| CWE-653 | Improper Isolation or Compartmentalization | This vulnerability occurs when an application fails to enforce strong boundaries between components that operate at different security levels, allowing lower-privileged functions to improperly interact with higher-privileged ones. |
| CWE-9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | This vulnerability occurs when Enterprise JavaBean (EJB) methods are configured with overly permissive access rights, allowing attackers to exploit elevated privileges they should not have. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.