CWE-653Improper Isolation or Compartmentalization

PUBLISHEDweakness record
released 2008-01-30 · last modified 2025-12-11

Metadata

CWE ID:
CWE-653
摘要:
Class
结构:
Simple
状态:
Draft
发布日期:
2008-01-30
更新日期:
2025-12-11

名称

Improper Isolation or Compartmentalization

描述

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.

常见后果

范围:
Access Control
影响:
Gain Privileges or Assume Identity, Bypass Protection Mechanism
注释:
The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.

相关 CWE