Category: SFP Secondary Cluster: Access Management

Incomplete
Summary

This category identifies Software Fault Patterns (SFPs) within the Access Management cluster.

Membership
ID | Name | Description
CWE-282 | Improper Ownership Management | This vulnerability occurs when a system incorrectly assigns or fails to verify which user or process rightfully controls a specific object or resource.
CWE-283 | Unverified Ownership | This vulnerability occurs when an application fails to confirm that a user has legitimate ownership rights to a sensitive resource before allowing them to perform actions on it.
CWE-284 | Improper Access Control | The software fails to properly limit who can access a resource, allowing unauthorized users or systems to interact with it.
CWE-286 | Incorrect User Management | This vulnerability occurs when an application incorrectly handles user accounts, roles, or group memberships, leading to improper access control.
CWE-708 | Incorrect Ownership Assignment | This vulnerability occurs when a system grants ownership of a resource to an entity that should not have that level of control, placing it outside the intended security boundary.
CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.