The product does not use or incorrectly uses a protection
					mechanism that provides sufficient defense against directed attacks against the
					product.This weakness covers three distinct situations. A "missing" protection
						mechanism occurs when the application does not define any mechanism against
						a certain class of attack. An "insufficient" protection mechanism might
						provide some defenses - for example, against the most common attacks - but
						it does not protect against everything that is intended. Finally, an
						"ignored" mechanism occurs when a mechanism is available and in active use
						within the product, but the developer has not applied it in some code
						path.