SYM_JAVA_0053 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Privilege Management
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Java's `AccessController.doPrivileged` blocks run the enclosed code with the permissions of the calling class's own protection domain, stopping the normal stack walk that would otherwise require every caller on the stack to hold the permission. This is how trusted code grants itself elevated permissions, and if a block is not carefully scoped (kept to the minimum operation and never driven by data that an untrusted or less-privileged caller controls), that caller can perform sensitive actions through it and unintentionally gain access to critical resources or operations.
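The following added example (written for this page, not code from the Symbiotic database or any project it describes) shows the weakness beside its hardened form. A trusted library method reads a file inside `doPrivileged`; in the weak version the caller chooses the path, so any caller that can invoke the method reads with the library's permissions, while the hardened version resolves and confines the path with ordinary privileges first and elevates only the single validated read. The class name, method names and the `/etc/app/templates` base directory are assumptions made for the example. Note that `AccessController` and the `SecurityManager` are deprecated for removal since Java 17 (JEP 411) and the `SecurityManager` is off by default from Java 18, so the pattern only matters where one is installed; the scoping discipline is the same for any wrapper that runs code with more authority than its caller.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/**
 * Added illustration of CWE-269 with AccessController.doPrivileged.
 * Assumed names: PrivilegedReadExample, readAnyFileUnsafe, readTemplate,
 * and the BASE_DIR location are all constructed for this example.
 */
public final class PrivilegedReadExample {

    // Constructed: the only directory this library is meant to read from.
    private static final Path BASE_DIR =
        Paths.get("/etc/app/templates").toAbsolutePath().normalize();

    /**
     * Weak form: the caller fully controls what the privileged block does.
     * Because doPrivileged stops the permission check at this frame, a
     * caller that lacks FilePermission on the target still reads it with
     * this class's permissions.
     */
    public static String readAnyFileUnsafe(String callerSuppliedPath) throws IOException {
        try {
            return AccessController.doPrivileged((PrivilegedExceptionAction<String>) () ->
                new String(Files.readAllBytes(Paths.get(callerSuppliedPath)),
                           StandardCharsets.UTF_8));
        } catch (PrivilegedActionException e) {
            // The action only throws IOException, so the cast is safe.
            throw (IOException) e.getException();
        }
    }

    /**
     * Hardened form: decide what will be read outside the privileged block,
     * confine it to BASE_DIR, and elevate only the one validated call.
     */
    public static String readTemplate(String templateName) throws IOException {
        // Resolve and normalise with the caller's ordinary privileges first...
        Path target = BASE_DIR.resolve(templateName).normalize();
        // ...and reject anything that escapes the confined directory
        // (absolute names and ".." segments both fail this check).
        if (!target.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("template name escapes base directory");
        }
        // Only the minimal, already-validated operation runs elevated.
        try {
            return AccessController.doPrivileged((PrivilegedExceptionAction<String>) () ->
                new String(Files.readAllBytes(target), StandardCharsets.UTF_8));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }
}
```

When reviewing code for this weakness, the quick check is whether anything inside a `doPrivileged` lambda depends on a method parameter or other caller-controlled value; if it does, the validation that constrains that value belongs before the block, and the block itself should contain nothing but the sensitive call.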
Impact
Attackers may exploit overly broad or misused privileged code sections to bypass security checks, access files or system resources, or perform actions outside their intended permissions. This can lead to data breaches, unauthorized actions, or compromise of the application's security boundaries.