CWE-693: Protection Mechanism Failure
This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | |
| Implementation | |
| Operation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific | ||
| Technology | Not Technology-Specific | ||
| Technology | ICS/OT |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org| # ID | Name | Weaknesses |
|---|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs | CWE-693 |
| CAPEC-17 | Using Malicious Files | CWE-693 |
| CAPEC-20 | Encryption Brute Forcing | CWE-693 |
| CAPEC-22 | Exploiting Trust in Client | CWE-693 |
| CAPEC-36 | Using Unpublished Interfaces or Functionality | CWE-693 |
| CAPEC-51 | Poison Web Service Registry | CWE-693 |
| CAPEC-57 | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data | CWE-693 |
| CAPEC-59 | Session Credential Falsification through Prediction | CWE-693 |
| CAPEC-65 | Sniff Application Code | CWE-693 |
| CAPEC-74 | Manipulating State | CWE-693 |
| CAPEC-87 | Forceful Browsing | CWE-693 |
| CAPEC-107 | Cross Site Tracing | CWE-693 |
| CAPEC-127 | Directory Indexing | CWE-693 |
| CAPEC-237 | Escaping a Sandbox by Calling Code in Another Language | CWE-693 |
| CAPEC-477 | Signature Spoofing by Mixing Signed and Unsigned Content | CWE-693 |
| CAPEC-480 | Escaping Virtualization | CWE-693 |
| CAPEC-668 | Key Negotiation of Bluetooth Attack (KNOB) | CWE-693 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |