VYPR

CWE-693

Protection Mechanism Failure

PillarDraft

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-107 · CAPEC-127 · CAPEC-17 · CAPEC-20 · CAPEC-22 · CAPEC-237 · CAPEC-36 · CAPEC-477 · CAPEC-480 · CAPEC-51 · CAPEC-57 · CAPEC-59 · CAPEC-65 · CAPEC-668 · CAPEC-74 · CAPEC-87

CVEs mapped to this weakness (353)

page 9 of 18
  • CVE-2026-48033higJun 10, 2026
    risk 0.38cvss epss 0.00

    **Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-693 (Protection Mechanism Failure)** #### Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain…

  • CVE-2026-44982higMay 27, 2026
    risk 0.38cvss epss 0.00

    ## Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1 requests using `Transfer-Encoding: chunked` and HTTP/2 requests sent without a `content-length` header. Coraza is then…

  • CVE-2021-1494MedNov 15, 2024
    risk 0.38cvss 5.8epss 0.01

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An…

  • CVE-2018-0384MedJul 16, 2018
    risk 0.38cvss 5.8epss 0.03

    A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected…

  • CVE-2018-0333MedJun 7, 2018
    risk 0.38cvss 5.8epss 0.02

    A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured…

  • CVE-2018-0297MedMay 17, 2018
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect…

  • CVE-2018-0244MedApr 19, 2018
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block (SMB) protocol if a malware file is detected. The vulnerability is due to how the…

  • CVE-2018-0243MedApr 19, 2018
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware…

  • CVE-2024-36315MedMay 13, 2026
    risk 0.37cvss epss 0.00

    Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.

  • CVE-2025-30431MedJun 11, 2026
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.

  • CVE-2026-28914MedMay 11, 2026
    risk 0.36cvss 5.5epss 0.00

    A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

  • CVE-2026-45595MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.00

    Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-6774MedApr 21, 2026
    risk 0.35cvss 5.4epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-22723MedMar 5, 2026
    risk 0.35cvss 6.5epss 0.00

    Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

  • CVE-2024-11734MedJan 14, 2025
    risk 0.35cvss 6.5epss 0.01

    A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server…

  • CVE-2024-38874MedJun 21, 2024
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events…

  • CVE-2024-0681MedMar 13, 2024
    risk 0.35cvss 5.3epss 0.01

    The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made…

  • CVE-2024-0680MedFeb 28, 2024
    risk 0.35cvss 5.3epss 0.01

    The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for…

  • CVE-2023-0085MedMar 2, 2023
    risk 0.35cvss 5.3epss 0.01

    The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for…

  • CVE-2018-9313MedMay 31, 2018
    risk 0.35cvss 5.3epss 0.01

    The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.