logo

CWE-500 - Public Static Field Not Marked Final

CWE-500 High

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Public Static Field Not Marked Final

Description

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.

Public static variables can be read without an accessor and changed without a mutator by any classes in the application.

Common Consequences

Scope: Integrity

Impact: Modify Application Data

Notes: The object could potentially be tampered with.

Scope: Confidentiality

Impact: Read Application Data

Notes: The object could potentially allow the object to be read.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website