- Scope:
- Confidentiality
- Impact:
- Read Application Data, Read Files or Directories
- Notes:
- An attacker could read sensitive data, either by reading the data directly from a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to read the data.
- Scope:
- Integrity
- Impact:
- Modify Application Data, Modify Files or Directories
- Notes:
- An attacker could modify sensitive data, either by writing the data directly to a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to write the data.
- Scope:
- Access Control
- Impact:
- Gain Privileges or Assume Identity, Bypass Protection Mechanism
- Notes:
- An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality.
- Scope:
- Availability
- Impact:
- DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)
- Notes:
- An attacker could gain unauthorized access to resources on the system and excessively consume those resources, leading to a denial of service.