SFP Secondary Cluster: Insecure Resource Access
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Insecure Resource Access cluster (SFP35).
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This mig...
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).