CWE-492 – Use of Inner Class Containing Sensitive Data
Description Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to...
CWE-493 – Critical Public Variable Without Final Modifier
Description The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values. If a...
CWE-494 – Download of Code Without Integrity Check
Description The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of...
CWE-495 – Private Data Structure Returned From A Public Method
Description The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in...
CWE-496 – Public Data Assigned to Private Array-Typed Field
Description Assigning public data to a private array is equivalent to giving public access to the array. Modes of Introduction: - Implementation Related...
CWE-497 – Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access...
CWE-498 – Cloneable Class Containing Sensitive Information
Description The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class. Cloneable...
CWE-499 – Serializable Class Containing Sensitive Data
Description The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the...
CWE-5 – J2EE Misconfiguration: Data Transmission Without Encryption
Description Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the...
CWE-50 – Path Equivalence: ‘//multiple/leading/slash’
Description A software system that accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path resolution...