• Components with known Vulnerabilities

    This kind of threat occurs when the components such as libraries and frameworks used within the app almost always execute with full privileges. If a vulnerable component is exploited, it makes the hacker’s job easier to cause a serious data loss or server takeover.

    Example

    The following examples are of using components with known vulnerabilities −

    • Attackers can invoke any web service with full permission by failing to provide an identity token.

    • Remote-code execution with Expression Language injection vulnerability is introduced through the Spring Framework for Java-based apps.