CAPEC-233
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Description
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
Informations
Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
| Improper Privilege Management The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
|
| Hardware Logic with Insecure De-Synchronization between Control and Data Channels The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete. |
|
| Improper Translation of Security Attributes by Fabric Bridge The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another. |
References
REF-600
OWASP Web Security Testing Guidehttps://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.html
Submission
| Name | Organization | Date | Date Release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description, Description Summary, Relationships, Type (Category -> Attack_Pattern) | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses, Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated References, Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated @Abstraction | |
| CAPEC Content Team | The MITRE Corporation | Updated @Abstraction |
2024©
tesweb SA
