CWE-862: Missing Authorization

PUBLISHED · weakness record · High
released 2011-06-01 · last modified 2026-04-30

Metadata

CWE ID:
CWE-862
Abstraction:
Class
Structure:
Simple
Status:
Incomplete
Release date:
2011-06-01
Last modified date:
2026-04-30

Name

Missing Authorization

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Common Consequences

Scope:
Confidentiality
Impact:
Read Application Data, Read Files or Directories
Note:
An attacker could read sensitive data, either by reading the data directly from a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to read the data.
Scope:
Integrity
Impact:
Modify Application Data, Modify Files or Directories
Note:
An attacker could modify sensitive data, either by writing the data directly to a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to write the data.
Scope:
Access Control
Impact:
Gain Privileges or Assume Identity, Bypass Protection Mechanism
Note:
An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality.
Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)
Note:
An attacker could gain unauthorized access to resources on the system and excessively consume those resources, leading to a denial of service.

Related CWEs