The software performs an authorization check when an actor
attempts to access a resource or perform an action, but it does not correctly
perform the check. This allows attackers to bypass intended access
The software does not validate or incorrectly validates the
integrity check values or "checksums" of a message. This may prevent it from
detecting if the data has been modified or corrupted in transmission.