CWE-767 - Access to Critical Private Variable via Public Method

CWE-767

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Access to Critical Private Variable via Public Method

Description: The product defines a public method that reads or modifies a private variable.
If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.

Common Consequences: Scope: Integrity, Other
Impact: Modify Application Data, Other

Related Weaknesses: CWE-668Exposure of Resource to Wrong Sphere

Release Date:
2009-05-27

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard