Description
An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
Public static variables can be read without an accessor and changed without a mutator by any classes in the application.
When a field is declared public but not final, the field can be read and written to by arbitrary Java code.
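As an added illustration that is not part of this CWE entry, the hypothetical configuration holder below shows the weakness beside a hardened version; it also shows the caveat that `final` on a reference does not protect a mutable object behind it, so the object itself must be made unmodifiable too (class and field names are invented for the example):

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example, not from the CWE entry. Class and field names are hypothetical.
public class StaticFieldDemo {

    // Weak: public static fields that are not final. Any class loaded in the
    // application can reassign them without going through a mutator.
    static class WeakConfig {
        public static String auditLogPath = "/var/log/app/audit.log";
        public static List<String> adminUsers = new ArrayList<>(List.of("alice"));
    }

    // Hardened: final blocks reassignment, and the list is wrapped so the
    // object behind the final reference cannot be mutated either.
    static class HardenedConfig {
        public static final String AUDIT_LOG_PATH = "/var/log/app/audit.log";
        public static final List<String> ADMIN_USERS =
            Collections.unmodifiableList(new ArrayList<>(List.of("alice")));
    }

    public static void main(String[] args) {
        // Unrelated code can silently redirect auditing or change the admin set.
        WeakConfig.auditLogPath = "/dev/null";
        WeakConfig.adminUsers.add("mallory");
        System.out.println("weak:     " + WeakConfig.auditLogPath
                + " " + WeakConfig.adminUsers);

        // HardenedConfig.AUDIT_LOG_PATH = "/dev/null"; // compile error: final field
        try {
            HardenedConfig.ADMIN_USERS.add("mallory");
        } catch (UnsupportedOperationException e) {
            System.out.println("hardened: list mutation rejected");
        }
        System.out.println("hardened: " + HardenedConfig.AUDIT_LOG_PATH
                + " " + HardenedConfig.ADMIN_USERS);
    }
}
```

A static-analysis rule for this weakness should flag `WeakConfig` but not `HardenedConfig`; reviewers should additionally check that a final field's type is immutable or defensively wrapped.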
Modes of Introduction:
– Implementation
Likelihood of Exploit: High
Related Weaknesses
Consequences
Integrity: Modify Application Data
The object could potentially be tampered with.
Confidentiality: Read Application Data
The object's data could potentially be read by any class in the application.
Potential Mitigations
Phase: Architecture and Design
Description:
Clearly identify the scope for all critical data elements, including whether they should be regarded as static.
Phase: Implementation
Description: