Vulnerability template

Last revision (mm/dd/yy): //

Every Vulnerability should follow this template.

Description
A vulnerability is a weakness in an application (frequently a broken or missing control) that enables an attack to succeed. Be sure you don't put [attacks] or [controls] in this category.


 * 1) Start with a one-sentence description of the vulnerability
 * 2) What is the problem that creates the vulnerability?
 * 3) What are the attacks that target this vulnerability?
 * 4) What are the technical impacts of this vulnerability?

Risk Factors

 * Talk about the factors that make this vulnerability likely or unlikely to actually happen
 * Discuss the technical impact of a successful exploit of this vulnerability
 * Consider the likely [business impacts] of a successful attack

Short example name

 * A short example description, small picture, or sample code with links

Short example name

 * A short example description, small picture, or sample code with links

Related Attacks

 * Attack 1
 * Attack 2

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerabiltiy 2

Note: the contents of "Related Problems" sections should be placed here

Related Controls

 * Control 1
 * Control 2

Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here

Related Technical Impacts

 * Technical Impact 1
 * Technical Impact 2