Cybersecurity Reference > Glossary
A vulnerability is an unintended property of any environment, information system, security procedure, or internal control that can be used for unauthorized access to data or resources.
In practice, vulnerabilities often result from errors or oversight in code, configuration, policy, or practices, and are often exploited by internal or external attackers for illicit purposes. Vulnerabilities can exist in hardware, software, networks, personnel, environment, organizations, or in particular combinations of these.
The places, systems, user interfaces, or other conceptual areas where vulnerabilities may be actively sought by attackers are commonly referred to as attack surfaces.