CWE-693: Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

446

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Pillar

Abstraction

MITRE classification

Overview

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

CWE-693: Protection Mechanism Failure

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

Attack patterns

Frequently asked questions

What is CWE-693?

What CVEs are caused by CWE-693?

What are the consequences of CWE-693?

Is CWE-693 actively exploited?

References

Stay ahead of CWE-693

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

Related weaknesses

Child

Attack patterns

Frequently asked questions

What is CWE-693?

What CVEs are caused by CWE-693?

What are the consequences of CWE-693?

Is CWE-693 actively exploited?

References

Stay ahead of CWE-693