8 lines
751 B
Plaintext
8 lines
751 B
Plaintext
The access control of an application must be properly implemented in order to restrict access to resources to authorized entities otherwise this could lead to vulnerabilities:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12999[CVE-2018-12999]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10285[CVE-2018-10285]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7455[CVE-2017-7455]
|
|
|
|
Granting correct permissions to users, applications, groups or roles and defining required permissions that allow access to a resource is sensitive, must therefore be done with care. For instance, it is obvious that only users with administrator privilege should be authorized to add/remove the administrator permission of another user.
|