The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
Extended Description
N/A
ThreatScore
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
Observed Examples (CVEs)
No observed examples available.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase
Note
Operation
N/A
Architecture and Design
COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
Common Consequences
Impact: Read Application Data — Notes:
Potential Mitigations
Implementation: Avoid storing information under the FTP root directory. (N/A)
System Configuration: Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory. (N/A)