CWE CATEGORY: Permissions, Privileges, and Access Controls
Category ID: 264
Summary
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Membership
Nature | Type | ID | Name
MemberOf | View | |
View: a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).
Use for Mapping: Prohibited (this CWE ID must not be used to map to real-world vulnerabilities).
Rationale: this entry is a Category. Using categories for mapping has been an actively discouraged practice since at least 2019. Categories are informal organizational groupings of weaknesses that help navigation and browsing by CWE users, but they are not weaknesses in themselves [REF-1287]. This CWE ID may have become widely used because of NIST's usage in NVD from 2008 to 2016 (see CWE-635 view, updated to the CWE-1003 view in 2016).
Comments: some weakness-oriented alternatives might be found as descendants under Improper Access Control (CWE-284). Note: use of CWE-284 is Discouraged; see CWE-284's Mapping Notes.
Maintenance
This entry heavily overlaps other categories and has been marked obsolete.