Class · Draft

CWE-282: Improper Ownership Management

Category: other

Description

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Common consequences · 1

  • Access Control — Gain Privileges or Assume Identity

Potential mitigations · 1

  • [Architecture and Design, Operation] Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Related CAPEC attack patterns · 2

CAPEC-17, CAPEC-35

References

  1. https://cwe.mitre.org/data/definitions/282.html

Exploits (incoming) · 2

Type          | Target                                                       | Confidence | Tier
AttackPattern | Using Malicious Files (capec-17)                             | 100%       | live
AttackPattern | Leverage Executable Code in Non-Executable Files (capec-35)  | 100%       | live

(incoming) · 3

Type          | Target                                                                        | Confidence | Tier
Vulnerability | CVE-2025-27254 (cve-2025-27254)                                               | 0%         | live
KEVEntry      | Cisco SD-WAN Path Traversal Vulnerability (kev-cve-2022-20775)                | 0%         | live
KEVEntry      | Linux Kernel Improper Ownership Management Vulnerability (kev-cve-2023-0386)  | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Unverified Ownership
  • CWE: Incorrect Ownership Assignment
  • CWE: Improper Authorization
  • CWE: Improper Access Control
  • CWE: Incorrect Privilege Assignment
  • CWE: Improper Privilege Management

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.