CWE-304
AllowedMissing Critical Step in Authentication
Abstraction: Base · Status: Draft
The product implements an authentication technique, but it skips a step that weakens the technique.
60 vulnerabilities reference this CWE, most recent first.
CVE-2011-3172 (GCVE-0-2011-3172)
Vulnerability from cvelistv5 – Published: 2018-06-08 13:00 – Updated: 2024-09-17 04:28| URL | Tags |
|---|---|
| https://build.opensuse.org/request/show/80346 | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=707645 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise |
Affected:
unspecified , < 12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://build.opensuse.org/request/show/80346"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=707645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise",
"vendor": "SUSE",
"versions": [
{
"lessThan": "12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Calmer of SUSE"
}
],
"datePublic": "2011-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:42.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://build.opensuse.org/request/show/80346"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=707645"
}
],
"source": {
"defect": [
"707645"
],
"discovery": "INTERNAL"
},
"title": "unix2_chkpwd do not check for a valid account",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2011-08-31T00:00:00.000Z",
"ID": "CVE-2011-3172",
"STATE": "PUBLIC",
"TITLE": "unix2_chkpwd do not check for a valid account"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "12"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Calmer of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-304"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://build.opensuse.org/request/show/80346",
"refsource": "CONFIRM",
"url": "https://build.opensuse.org/request/show/80346"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=707645",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=707645"
}
]
},
"source": {
"defect": [
"707645"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2011-3172",
"datePublished": "2018-06-08T13:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:28:45.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-262P-FJ3F-XH7V
Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-30 03:37It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
{
"affected": [],
"aliases": [
"CVE-2026-57915"
],
"database_specific": {
"cwe_ids": [
"CWE-304",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T13:16:35Z",
"severity": "HIGH"
},
"details": "It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.",
"id": "GHSA-262p-fj3f-xh7v",
"modified": "2026-06-30T03:37:14Z",
"published": "2026-06-26T15:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57915"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-57915"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493407"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/1y3glgh3kzwoxo5m2lq504cjlh1dsrfh"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-57915.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/26/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2G9R-W7MH-F2H2
Vulnerability from github – Published: 2025-06-06 06:30 – Updated: 2025-06-09 15:31A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-5715"
],
"database_specific": {
"cwe_ids": [
"CWE-304",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T04:15:55Z",
"severity": "LOW"
},
"details": "A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-2g9r-w7mh-f2h2",
"modified": "2025-06-09T15:31:38Z",
"published": "2025-06-06T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5715"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.311236"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.311236"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.585069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2H9F-XM25-Q379
Vulnerability from github – Published: 2025-01-06 06:30 – Updated: 2025-01-06 15:30In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.
{
"affected": [],
"aliases": [
"CVE-2024-20153"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T04:15:07Z",
"severity": "HIGH"
},
"details": "In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.",
"id": "GHSA-2h9f-xm25-q379",
"modified": "2025-01-06T15:30:59Z",
"published": "2025-01-06T06:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20153"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/January-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3J5R-3852-J63V
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.
{
"affected": [],
"aliases": [
"CVE-2024-11302"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T10:15:25Z",
"severity": "HIGH"
},
"details": "A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.",
"id": "GHSA-3j5r-3852-j63v",
"modified": "2025-03-20T12:32:42Z",
"published": "2025-03-20T12:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11302"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e341304b-4651-4de9-b7b9-b89aead3b46e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JRW-G6MQ-CX56
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.
{
"affected": [],
"aliases": [
"CVE-2024-52965"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T15:15:22Z",
"severity": "HIGH"
},
"details": "A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 \u0026 FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.",
"id": "GHSA-3jrw-g6mq-cx56",
"modified": "2025-07-08T15:32:03Z",
"published": "2025-07-08T15:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52965"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-511"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VXM-73WH-V829
Vulnerability from github – Published: 2025-08-07 17:34 – Updated: 2025-08-07 17:34LinkJoin through 882f196 mishandles token ownership in password reset.
{
"affected": [],
"aliases": [
"CVE-2025-55138"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-07T17:15:30Z",
"severity": "HIGH"
},
"details": "LinkJoin through 882f196 mishandles token ownership in password reset.",
"id": "GHSA-3vxm-73wh-v829",
"modified": "2025-08-07T17:34:43Z",
"published": "2025-08-07T17:34:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55138"
},
{
"type": "WEB",
"url": "https://github.com/Latkecrszy/linkjoin/pull/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4M6J-23P2-8C54
Vulnerability from github – Published: 2024-02-26 20:04 – Updated: 2024-02-26 20:04Impact
The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.
Patches
The vulnerability has been patched in Armeria version 1.27.2. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
Workarounds
There is no known workaround for this vulnerability.
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.27.1"
},
"package": {
"ecosystem": "Maven",
"name": "com.linecorp.armeria:armeria-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.27.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-1735"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-26T20:04:37Z",
"nvd_published_at": "2024-02-26T16:27:53Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nThe SAML implementation provided by `armeria-saml` currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.\n\n### Patches\n\nThe vulnerability has been patched in Armeria version 1.27.2. All users who rely on `armeria-saml` older than version 1.27.2 must upgrade to 1.27.2 or later.\n\n### Workarounds\n\nThere is no known workaround for this vulnerability.\n\n### References\n\n[`SamlMessageUtil.validateSignature()`](https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163)",
"id": "GHSA-4m6j-23p2-8c54",
"modified": "2024-02-26T20:04:37Z",
"published": "2024-02-26T20:04:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1735"
},
{
"type": "WEB",
"url": "https://github.com/line/armeria/commit/b2aa9f49b46a7b0e03d8b8d753809cd1e8e2016c"
},
{
"type": "PACKAGE",
"url": "https://github.com/line/armeria"
},
{
"type": "WEB",
"url": "https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163"
},
{
"type": "WEB",
"url": "https://github.com/line/armeria/releases/tag/armeria-1.27.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Armeria SAML authentication bypass due to missing validation on unsigned SAML messages"
}
GHSA-4P5R-3JMM-652Q
Vulnerability from github – Published: 2025-09-15 21:30 – Updated: 2025-09-15 23:59Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.25"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43798"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-15T23:59:59Z",
"nvd_published_at": "2025-09-15T21:15:35Z",
"severity": "LOW"
},
"details": "Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user\u2019s TOTP to authenticate as the user.",
"id": "GHSA-4p5r-3jmm-652q",
"modified": "2025-09-15T23:59:59Z",
"published": "2025-09-15T21:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43798"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/1df25e46675afe7c3a2754bf8968bcb9677db950"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43798"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay DXP Missing Critical Step in Authentication"
}
GHSA-5565-9R8P-CJCG
Vulnerability from github – Published: 2025-08-20 15:31 – Updated: 2025-11-03 21:34An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-24322"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T14:15:42Z",
"severity": "HIGH"
},
"details": "An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.",
"id": "GHSA-5565-9r8p-cjcg",
"modified": "2025-11-03T21:34:22Z",
"published": "2025-08-20T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24322"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2163"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2163"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.