CWE-8 - J2EE Misconfiguration: Entity Bean Declared Remote

CWE-8

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: J2EE Misconfiguration: Entity Bean Declared Remote

Description: When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.

Common Consequences: Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data

Related Weaknesses: CWE-668Exposure of Resource to Wrong Sphere

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard