CWE-693: Protection Mechanism Failure

Pillar Draft Simple

CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Extended Description

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Common Consequences

Scope: Access Control

Technical Impact: Bypass Protection Mechanism

Modes of Introduction

Phase Note
Architecture and Design -
Implementation -
Operation -

Applicable Platforms

Programming Languages
Not Language-Specific (Undetermined)
Technologies
Not Technology-Specific (Undetermined)
ICS/OT (Undetermined)

Key Information

CWE ID: CWE-693

Abstraction: Pillar

Structure: Simple

Status: Draft

Related Attack Patterns
CAPEC-1 CAPEC-107 CAPEC-127 CAPEC-17 CAPEC-20 CAPEC-22 CAPEC-237 CAPEC-36 CAPEC-477 CAPEC-480 CAPEC-51 CAPEC-57 CAPEC-59 CAPEC-65 CAPEC-668 CAPEC-74 CAPEC-87