Description

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Extended Description

N/A

---

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

---

Observed Examples (CVEs)

• CVE: CVE-2022-29238

  Access-control setting in web-based document collaboration tool is not properly implemented by the code, which prevents listing hidden directories but does not prevent direct requests to files in those directories.

Related Attack Patterns (CAPEC)

---

Attack TTPs

Malware

APTs (Intrusion Sets)

Modes of Introduction

Phase	Note
Architecture and Design	N/A

Common Consequences

Potential Mitigations

Applicable Platforms

• None (Not Language-Specific, Undetermined)

---

Demonstrative Examples

N/A

Notes

← Back to CWE list