CWE-1267 Detail

CWE-1267

Policy Uses Obsolete Encoding
Draft
2020-02-24
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Meldingen beheren

Naam: Policy Uses Obsolete Encoding

The product uses an obsolete encoding mechanism to implement access controls.

Algemene informatie

Introductiemodi

Architecture and Design
Implementation

Toepasselijke platforms

Taal

Class: Not Language-Specific (Undetermined)

Besturingssystemen

Class: Not OS-Specific (Undetermined)

Architecturen

Class: Not Architecture-Specific (Undetermined)

Technologieën

Class: Not Technology-Specific (Undetermined)

Veelvoorkomende gevolgen

Bereik Impact Waarschijnlijkheid
Confidentiality
Integrity
Availability
Access Control		Modify Memory, Read Memory, Modify Files or Directories, Read Files or Directories, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Reduce ReliabilityHigh

Mogelijke risicobeperkingen

Phases : Architecture and Design // Implementation

Notities kwetsbaarheidsmapping

Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Gerelateerde aanvalspatronen

CAPEC-ID Naam aanvalspatroon
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-681 Exploitation of Improperly Controlled Hardware Security Identifiers

Referenties

REF-1093

Huge Intel CPU Bug Allegedly Causes Kernel Memory Vulnerability With Up To 30% Performance Hit In Windows And Linux
Brandon Hill.
https://hothardware.com/news/intel-cpu-bug-kernel-memory-isolation-linux-windows-macos

Indiening

Naam Organisatie Datum Releasedatum Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2020-04-18 +00:00 2020-02-24 +00:00 4.1

Wijzigingen

Naam Organisatie Datum Opmerking
CWE Content Team MITRE 2020-08-20 +00:00 updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations
CWE Content Team MITRE 2021-07-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-04-28 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-10-13 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples, Weakness_Ordinalities
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.