CWE-693: Protection Mechanism Failure
This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | |
Implementation | |
Operation | |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific | | |
Technology | Not Technology-Specific | | |
Technology | ICS/OT | | |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
ID | Name | Weaknesses |
---|---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs | CWE-693 |
CAPEC-17 | Using Malicious Files | CWE-693 |
CAPEC-20 | Encryption Brute Forcing | CWE-693 |
CAPEC-22 | Exploiting Trust in Client | CWE-693 |
CAPEC-36 | Using Unpublished Interfaces or Functionality | CWE-693 |
CAPEC-51 | Poison Web Service Registry | CWE-693 |
CAPEC-57 | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data | CWE-693 |
CAPEC-59 | Session Credential Falsification through Prediction | CWE-693 |
CAPEC-65 | Sniff Application Code | CWE-693 |
CAPEC-74 | Manipulating State | CWE-693 |
CAPEC-87 | Forceful Browsing | CWE-693 |
CAPEC-107 | Cross Site Tracing | CWE-693 |
CAPEC-127 | Directory Indexing | CWE-693 |
CAPEC-237 | Escaping a Sandbox by Calling Code in Another Language | CWE-693 |
CAPEC-477 | Signature Spoofing by Mixing Signed and Unsigned Content | CWE-693 |
CAPEC-480 | Escaping Virtualization | CWE-693 |
CAPEC-668 | Key Negotiation of Bluetooth Attack (KNOB) | CWE-693 |