CWE-706 – Use of Incorrectly-Resolved Name or Reference

Read Time:18 Second

Description

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-664
CWE-99

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

CVE References