CWE-671: Lack of Administrator Control over Security
low-riskThe product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.
Abstraction: Class
Common Consequences
Other
→
Varies by Context
Real-World Examples (4)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-29163 | 3.5 | 0.5% | — |
| CVE-2023-20115 | 5.4 | 0.3% | — |
| CVE-2025-24024 | 9.1 | 0.2% | — |
| CVE-2018-13283 | 8.8 | 0.2% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal