Improper Privilege Management, as classified under CWE-269, occurs when a software application improperly manages or enforces access control policies, allowing unauthorised users to perform restricted actions. This weakness can lead to severe consequences, such as data breaches, privilege escalation, and compromise of system integrity.
CWE-77 refers to the improper neutralisation of special elements used in a command. These special elements, when inadequately sanitised, allow attackers to inject malicious commands that the system interprets and executes. This vulnerability commonly appears in applications that dynamically construct system commands based on user inputs.
Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.
Out-of-bounds write vulnerabilities (CWE-787) are among the most dangerous weaknesses in software development. If left unchecked, these vulnerabilities can have significant repercussions, including data corruption, service outages, and, in the worst cases, remote code execution.
An out-of-bounds write occurs when a program writes data outside the bounds of allocated memory, causing code compromise in the software.
Broken Function Level Authorisation occurs when an attacker is able to access functions or data that they are not authorised to use. This happens due to inadequate enforcement of role-based access controls (RBAC) or a failure to properly segregate administrative and regular user functions. APIs often expose a variety of functions depending on the user’s role (e.g., regular user, administrator, manager, etc.). When these functions are not sufficiently protected or are poorly designed, attackers can bypass these restrictions to gain unauthorised access to sensitive information or perform malicious activities.