CVEbaza.plCWE DictionaryCWE-767
Common Weakness Enumeration

CWE-767

Access to Critical Private Variable via Public Method

Category: BaseCVE: 4
Description

The product defines a public method that reads or modifies a private variable.

Extended Description

If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.

CVE vulnerabilities with CWE-767 (4)
7.5
CVSS
HIGH
CVE-2020-26868

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.

pub. 2020-10-12
7.3
CVSS
HIGH
CVE-2016-8380

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

pub. 2018-04-05
6.5
CVSS
MEDIUM
CVE-2024-36463

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

pub. 2024-11-26
5.3
CVSS
MEDIUM
CVE-2024-34162

The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

pub. 2024-11-26
Information
ID: CWE-767
Type: Base
Vulnerabilities: 4
MITRE CWE ↗
← CWE Dictionary