Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.0)  

CWE CATEGORY: Permissions, Privileges, and Access Controls

Category ID: 264
Status: Incomplete
+ Summary
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
+ Membership
MemberOfCategoryCategory2547PK - Security Features
MemberOfCategoryCategory2547PK - Security Features
MemberOfViewView635Weaknesses Originally Used by NVD from 2008 to 2016
HasMemberCategoryCategory265Privilege / Sandbox Issues
HasMemberCategoryCategory275Permission Issues
HasMemberClassClass282Improper Ownership Management
HasMemberClassClass284Improper Access Control
HasMemberClassClass284Improper Access Control
HasMemberBaseBase749Exposed Dangerous Method or Function
+ References
[REF-7] Michael Howard and David LeBlanc. "Writing Secure Code". Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate" Page 218. 2nd Edition. Microsoft Press. 2002-12-04. <>.
+ Content History
Submission DateSubmitterOrganization
Modification DateModifierOrganization
2008-09-08CWE Content TeamMITRE
updated Relationships, Taxonomy_Mappings
2010-02-16CWE Content TeamMITRE
updated References
2011-03-29CWE Content TeamMITRE
updated Relationships
2012-10-30CWE Content TeamMITRE
updated Potential_Mitigations
2014-07-30CWE Content TeamMITRE
updated Detection_Factors
2015-12-07CWE Content TeamMITRE
updated Relationships
2017-11-08CWE Content TeamMITRE
updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships

More information is available — Please select a different filter.
Page Last Updated: January 18, 2018