Category: SFP Secondary Cluster: Access Management
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Access Management cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-282 | Improper Ownership Management | The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. |
| CWE-283 | Unverified Ownership | The product does not properly verify that a critical resource is owned by the proper entity. |
| CWE-284 | Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-286 | Incorrect User Management | The product does not properly manage a user within its environment. |
| CWE-708 | Incorrect Ownership Assignment | The product assigns an owner to a resource, but the owner is outside of the intended control sphere. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.