
CWE-693 (Protection Mechanism Failure) — Vulnerability Class 224

224 vulnerabilities classified as CWE-693 (Protection Mechanism Failure). AI Chinese analysis included.

CWE-693 represents a critical vulnerability where software fails to implement or correctly utilize necessary security controls, leaving systems exposed to directed attacks. This weakness manifests in two primary forms: missing mechanisms, where no defense exists for a specific threat vector, and insufficient mechanisms, where existing safeguards are inadequate or improperly configured. Attackers typically exploit these gaps by bypassing authentication, escalating privileges, or accessing sensitive data that should have been restricted. To mitigate this risk, developers must conduct rigorous threat modeling to identify all potential attack surfaces and ensure comprehensive security controls are in place. Regular code reviews and automated security testing help verify that protection mechanisms function as intended. By adopting a defense-in-depth strategy and validating that every security feature is both present and robust, organizations can significantly reduce the likelihood of exploitation and maintain the integrity of their applications.

MITRE CWE Description
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 6.7 | Medium | 2024-04-09 |
| CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 6.7 | Medium | 2024-04-09 |
| CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 6.7 | Medium | 2024-04-09 |
| CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2024-04-09 |
| CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 6.7 | Medium | 2024-04-09 |
| CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 6.7 | Medium | 2024-04-09 |
| CVE-2024-30370 | RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability — WinRAR | 8.8 (AI) | High (AI) | 2024-04-02 |
| CVE-2024-28248 | Cilium intermittent HTTP policy bypass — cilium | 7.2 | High | 2024-03-18 |
| CVE-2024-26163 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability — Microsoft Edge (Chromium-based) | 4.7 | Medium | 2024-03-14 |
| CVE-2024-24562 | Security headers not set in vantage6-UI — vantage6-UI | 5.4 | Medium | 2024-03-14 |
| CVE-2024-0681 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass — Page and Post Restriction | 5.3 | Medium | 2024-03-13 |
| CVE-2024-0682 | Page Restrict <= 2.5.5 - Protection Mechanism Bypass — Page Restrict | 5.3 | Medium | 2024-02-28 |
| CVE-2024-0680 | WP Private Content Plus <= 3.6 - Protection Mechanism Bypass — WP Private Content Plus | 5.3 | Medium | 2024-02-28 |
| CVE-2024-21423 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability — Microsoft Edge (Chromium-based) | 4.8 | Medium | 2024-02-23 |
| CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability — Windows 11 version 21H2 | 8.1 | High | 2024-02-13 |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability — Microsoft Office 2019 | 7.8 | High | 2024-02-13 |
| CVE-2023-4466 | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism — CCX 400 | 2.7 | Low | 2023-12-29 |
| CVE-2014-125107 | Corveda PHPSandbox String protection mechanism — PHPSandbox | 4.3 | Medium | 2023-12-19 |
| CVE-2023-5875 | Lack of Hardening against media exploitation from a remote origin — Mattermost Desktop | 3.7 | Low | 2023-11-02 |
| CVE-2023-5557 | Tracker-miners: sandbox escape — Red Hat Enterprise Linux 8 | 7.5 | High | 2023-10-13 |
| CVE-2023-45132 | IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For — naxsi | 9.1 | Critical | 2023-10-11 |
| CVE-2023-34984 | Fortinet FortiWeb security vulnerability — FortiWeb | 7.1 | High | 2023-09-13 |
| CVE-2023-4039 | GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64 — Arm GNU Toolchain | 4.8 | Medium | 2023-09-13 |
| CVE-2023-32493 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.3 | High | 2023-08-16 |
| CVE-2023-3089 | Ocp & fips mode — openshift | 7.0 | High | 2023-07-05 |
| CVE-2023-30757 | Siemens TIA Portal security vulnerability — Totally Integrated Automation Portal (TIA Portal) V14 | 6.2 | Medium | 2023-06-13 |
| CVE-2023-30851 | Potential HTTP policy bypass when using header rules in Cilium — cilium | 2.6 | Low | 2023-05-25 |
| CVE-2023-0085 | Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 5.3 | Medium | 2023-03-02 |
| CVE-2023-0002 | Cortex XDR Agent: Product Disruption by Local Windows User — Cortex XDR agent | 5.5 | Medium | 2023-02-08 |
| CVE-2022-32537 | Medtronic MiniMed 600 Series Pump System Communication Issue — Minimed 600 Series Insulin Pump | 4.8 | Medium | 2022-11-17 |

Vulnerabilities classified as CWE-693 (Protection Mechanism Failure) represent 224 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.