CWE-673 - External Influence of Sphere Definition

• Abstraction:
• Class

• Structure:
• Simple

• Status:
• Draft

Weakness Name

External Influence of Sphere Definition

Description

The product does not prevent the definition of control spheres from external actors.

Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.

Common Consequences

Scope: Other

Impact: Other

Related Weaknesses

CWE-664Improper Control of a Resource Through its Lifetime

• Release Date:
• 2008-04-11

• Latest Modification Date:
• 2023-10-26

Top Security News

Bitbucket services “hard down” due to major worldwide outage

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

Cloudflare CDN flaw leaks user location data, even through secure chat apps

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

Windows 11 24H2 now rolling out, here are the new features

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

Common Alerts

InformationalSec-Fetch-Dest Header Has an Invalid Value

InformationalStorable and Cacheable Content

MediumSession ID in URL Rewrite

MediumBuffer Overflow

InformationalCookie Poisoning

HighServer Side Template Injection

HighAccess Control Issue - Improper Authentication

MediumExponential Entity Expansion (Billion Laughs Attack)

HighServer Side Template Injection (Blind)

HighRemote Code Execution - CVE-2012-1823

Latest CVE List

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1053 Missing Documentation for Design

CWE-1426 Improper Validation of Generative AI Output

CWE-284 Improper Access Control

CWE-304 Missing Critical Step in Authentication

CWE-307 Improper Restriction of Excessive Authentication Attempts