CWE-1108 - Excessive Reliance on Global Variables
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Release Date: 2019-01-03
- Latest Modification Date: 2023-06-29
Weakness Name
Excessive Reliance on Global Variables
Description
The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
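An added illustration of the description above (not part of the CWE entry; every function and variable name is hypothetical). The first half keeps authorization state in module globals, where a forgotten reset lets a stale value decide a later request; the second half carries the same information in a narrow, explicit value.

```python
from dataclasses import dataclass

# Constructed example; all names are hypothetical.

# --- Global-heavy version: request state lives in module globals ---
current_user = None
is_admin = False


def login_global(user, admin=False):
    global current_user, is_admin
    current_user = user
    if admin:
        is_admin = True  # defect: never cleared on a later non-admin login


def delete_account_global(target):
    # The decision depends on whatever an earlier call left behind,
    # so reviewing it means reading every writer of these globals.
    return is_admin or target == current_user


# --- Narrower scope: state travels in an explicit, immutable value ---
@dataclass(frozen=True)
class Session:
    user: str
    admin: bool = False


def login(user, admin=False):
    return Session(user=user, admin=admin)


def delete_account(session, target):
    # Everything the check needs is in its arguments.
    return session.admin or target == session.user


def demo():
    login_global("root", admin=True)
    login_global("mallory")                  # stale is_admin survives
    leaked = delete_account_global("alice")  # wrongly allowed
    login("root", admin=True)
    scoped = delete_account(login("mallory"), "alice")  # denied
    return leaked, scoped


if __name__ == "__main__":
    print(demo())
```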
Common Consequences
Scope: Other
Impact: Reduce Maintainability
Related Weaknesses