CAPEC-437 Category Detail

CAPEC-437

Supply Chain
Draft
2014-06-23
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Name: Supply Chain

Attack patterns within this category focus on the disruption of the supply chain lifecycle by manipulating computer system hardware, software, or services for the purpose of espionage, theft of critical data or technology, or the disruption of mission-critical operations or infrastructure. Supply chain operations are usually multi-national with parts, components, assembly, and delivery occurring across multiple countries offering an attacker multiple points for disruption.

CAPEC Members List

CAPEC-116: Excavation Base

CAPEC-154: Resource Location Spoofing Base

CAPEC-176: Configuration/Environment Manipulation Base

CAPEC-184: Software Integrity Attack Base

CAPEC-438: Modification During Manufacture Base

CAPEC-439: Manipulation During Distribution Base

CAPEC-440: Hardware Integrity Attack Base

CAPEC-690: Metadata Spoofing Base

CAPEC Informations

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00 Updated Relationships
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Relationships
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Relationships
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Relationships
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Relationships, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Relationships
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.