The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Extended description
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.