Abstraction: Pillar · Status: Incomplete

CWE-284: Improper Access Control

Category: other

Description

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Common consequences · 1

  • Other — Varies by Context

Potential mitigations · 2

  • [Architecture and Design, Operation] Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
  • [Architecture and Design]

Related CAPEC attack patterns · 17

CAPEC-19, CAPEC-441, CAPEC-478, CAPEC-479, CAPEC-502, CAPEC-503, CAPEC-536, CAPEC-546, CAPEC-550, CAPEC-551, CAPEC-552, CAPEC-556, CAPEC-558, CAPEC-562, CAPEC-563, CAPEC-564, CAPEC-578

References

  1. https://cwe.mitre.org/data/definitions/284.html

Exploits (incoming) · 12

Type | Target | Confidence | Tier
AttackPattern | WebView Exposure (capec-503) | 100% | live
AttackPattern | Install New Service (capec-550) | 100% | live
AttackPattern | Replace File Extension Handlers (capec-556) | 100% | live
AttackPattern | Disable Security Software (capec-578) | 100% | live
AttackPattern | Add Malicious File to Shared Webroot (capec-563) | 100% | live
AttackPattern | Embedding Scripts within Scripts (capec-19) | 100% | live
AttackPattern | Intent Spoof (capec-502) | 100% | live
AttackPattern | Modification of Windows Service Configuration (capec-478) | 100% | live
AttackPattern | Incomplete Data Deletion in a Multi-Tenant Environment (capec-546) | 100% | live
AttackPattern | Data Injected During Configuration (capec-536) | 100% | live
AttackPattern | Replace Trusted Executable (capec-558) | 100% | live
AttackPattern | Run Software at Logon (capec-564) | 100% | live

Compliance frameworks addressing this (incoming) · 38

Type | Target | Confidence | Tier
ComplianceControl | owasp_top10-a10 | 100% | live
ComplianceControl | owasp_llm_top10-llm05 | 100% | live
ComplianceControl | pci_dss_v4-r12 | 100% | live
ComplianceControl | iso27701-a.7.2.1 | 100% | live
ComplianceControl | owasp_llm_top10-llm08 | 100% | live
ComplianceControl | pci_dss_v4-r9 | 100% | live
ComplianceControl | nis2-art21d | 100% | live
ComplianceControl | nist_csf-id | 100% | live
ComplianceControl | owasp_llm_top10-llm01 | 100% | live
ComplianceControl | nist_csf-de | 100% | live
ComplianceControl | owasp_api_top10-api05 | 100% | live
ComplianceControl | nist_csf-gv | 100% | live
ComplianceControl | pci_dss_v4-r7 | 100% | live
ComplianceControl | owasp_top10-a01 | 100% | live
ComplianceControl | gdpr-art25 | 100% | live
ComplianceControl | cis_v8-6 | 100% | live
ComplianceControl | cis_v8-2 | 100% | live
ComplianceControl | owasp_api_top10-api08 | 100% | live
ComplianceControl | iso27701-a.7.3.6 | 100% | live
ComplianceControl | cis_v8-3 | 100% | live
ComplianceControl | gdpr-art35 | 100% | live
ComplianceControl | cis_v8-13 | 100% | live
ComplianceControl | cra-annexi-1 | 100% | live
ComplianceControl | cra-annexi-2 | 100% | live
ComplianceControl | pci_dss_v4-r4 | 100% | live
ComplianceControl | cis_v8-1 | 100% | live
ComplianceControl | dora-art13 | 100% | live
ComplianceControl | iso27001-a.5.23 | 100% | live
ComplianceControl | iso27001-a.8.21 | 100% | live
ComplianceControl | owasp_llm_top10-llm10 | 100% | live

Showing top 30 of 38 by confidence.

(incoming) · 100

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-0206 (cve-2025-0206) | 0% | live
Vulnerability | CVE-2025-0213 (cve-2025-0213) | 0% | live
Vulnerability | CVE-2025-0335 (cve-2025-0335) | 0% | live
Vulnerability | CVE-2025-0341 (cve-2025-0341) | 0% | live
Vulnerability | CVE-2025-0402 (cve-2025-0402) | 0% | live
Vulnerability | CVE-2025-0463 (cve-2025-0463) | 0% | live
Vulnerability | CVE-2025-0650 (cve-2025-0650) | 0% | live
Vulnerability | CVE-2025-0702 (cve-2025-0702) | 0% | live
Vulnerability | CVE-2025-0802 (cve-2025-0802) | 0% | live
Vulnerability | CVE-2025-10083 (cve-2025-10083) | 0% | live
Vulnerability | CVE-2025-10085 (cve-2025-10085) | 0% | live
Vulnerability | CVE-2025-10201 (cve-2025-10201) | 0% | live
Vulnerability | CVE-2025-10398 (cve-2025-10398) | 0% | live
Vulnerability | CVE-2025-10424 (cve-2025-10424) | 0% | live
Vulnerability | CVE-2025-10425 (cve-2025-10425) | 0% | live
Vulnerability | CVE-2025-10427 (cve-2025-10427) | 0% | live
Vulnerability | CVE-2025-10428 (cve-2025-10428) | 0% | live
Vulnerability | CVE-2025-10447 (cve-2025-10447) | 0% | live
Vulnerability | CVE-2025-10480 (cve-2025-10480) | 0% | live
Vulnerability | CVE-2025-10600 (cve-2025-10600) | 0% | live
Vulnerability | CVE-2025-10608 (cve-2025-10608) | 0% | live
Vulnerability | CVE-2025-10615 (cve-2025-10615) | 0% | live
Vulnerability | CVE-2025-10616 (cve-2025-10616) | 0% | live
Vulnerability | CVE-2025-11078 (cve-2025-11078) | 0% | live
Vulnerability | CVE-2025-11318 (cve-2025-11318) | 0% | live
Vulnerability | CVE-2025-11347 (cve-2025-11347) | 0% | live
Vulnerability | CVE-2025-11351 (cve-2025-11351) | 0% | live
Vulnerability | CVE-2025-11352 (cve-2025-11352) | 0% | live
Vulnerability | CVE-2025-11353 (cve-2025-11353) | 0% | live
Vulnerability | CVE-2025-11354 (cve-2025-11354) | 0% | live

Showing top 30 of 100 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Authorization
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Missing Authorization
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE: Incorrect Authorization
  • CWE: Weak Authentication

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.