The product uses a fabric bridge for transactions between two Intellectual Property (IP) blocks, but the bridge does not properly perform the expected privilege, identity, or other access control checks between those IP blocks.

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.