CWE-610 – Externally Controlled Reference to a Resource in Another Sphere

Read Time:15 Second

Description

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-664

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

CVE References