CWE CATEGORY: Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Use for Mapping: Prohibited (this CWE ID must not be used to map to real-world vulnerabilities).
Rationale: this entry is a Category. Using categories for mapping has been an actively discouraged practice since at least 2019. Categories are informal organizational groupings of weaknesses that help navigation and browsing by CWE users, but they are not weaknesses in themselves [REF-1287]. This CWE ID may have become widely-used because of NIST's usage in NVD from 2008 to 2016 (see CWE-635 view, updated to the CWE-1003 view in 2016).
Comments: some weakness-oriented alternatives might be found as descendants under Improper Access Control (CWE-284). Note: use of CWE-284 is Discouraged; see CWE-284's Mapping Notes.
This entry heavily overlaps other categories and has been marked obsolete.
More information is available — Please select a different filter.