CWE-500 - Public Static Field Not Marked Final

CWE-500 High

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Public Static Field Not Marked Final

Description: An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
Public static variables can be read without an accessor and changed without a mutator by any classes in the application.

Common Consequences: Scope: Integrity
Impact: Modify Application Data
Notes: The object could potentially be tampered with.
Scope: Confidentiality
Impact: Read Application Data
Notes: The object could potentially allow the object to be read.

Related Weaknesses: CWE-493Critical Public Variable Without Final ModifierHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard