Alternate Name: Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE
Category: [a] Class
An information security #@#@vulnerability#@#@ is a mistake in software that can be directly used by a hacker to gain access to a system or network. \n\nCVE considers a mistake a vulnerability if it allows an attacker to use it to violate a reasonable security policy for that system (this excludes excluding entirely #@#@open#@#@ security policies in which all users are trusted, or where there is no consideration of risk to the system). \n\nFor CVE, a vulnerability is a state in a computing system (or set of systems) that either: \n\n · allows an attacker to execute commands as another user \n · allows an attacker to access data that is contrary to the specified access restrictions for that data \n · allows an attacker to pose as another entity \n · allows an attacker to conduct a denial of service \n\nsource: http://cve.mitre.org
This was created from the Frameworx 16.0 Model