Dark Mode
Capec-212 Detail
Functionality Misuse
Meta Software Hardware Likelihood: Medium Typical Severity: Medium
Children: 2 48 50 111 620 682
Threats: T62 T284 T295 T389 T403
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-212 | capec | https://capec.mitre.org/data/definitions/212.html | |
| CWE-1242 | cwe | http://cwe.mitre.org/data/definitions/1242.html | |
| CWE-1246 | cwe | http://cwe.mitre.org/data/definitions/1246.html | |
| CWE-1281 | cwe | http://cwe.mitre.org/data/definitions/1281.html |
Not present
- The adversary has the capability to interact with the application directly.The target system does not adequately implement safeguards to prevent misuse of authorized actions/processes.
Not present
| Low |
|---|
| General computer knowledge about how applications are launched, how they interact with input/output, and how they are configured. |
| Integrity | Availability | Confidentiality |
|---|---|---|
| Other (Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.) | Other (Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.) | Gain Privileges (A successful attack of this kind can compromise the confidentiality of an authorized user's credentials.) |
| Other (Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.) |
Not present