CVEbaza.plSłownik CWECWE-767
Common Weakness Enumeration

CWE-767

Access to Critical Private Variable via Public Method

Kategoria: BaseCVE: 4
Opis

Produkt definiuje metodę publiczną, która odczytuje lub modyfikuje zmienną prywatną. Stanowi to podatność bezpieczeństwa, ponieważ umożliwia nieautoryzowany dostęp do wrażliwych danych.

Description (EN)

The product defines a public method that reads or modifies a private variable.

Podatności CVE z CWE-767 (4)
7.5
CVSS
HIGH
CVE-2020-26868

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.

pub. 2020-10-12
7.3
CVSS
HIGH
CVE-2016-8380

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

pub. 2018-04-05
6.5
CVSS
MEDIUM
CVE-2024-36463

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

pub. 2024-11-26
5.3
CVSS
MEDIUM
CVE-2024-34162

The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

pub. 2024-11-26
Informacje
ID: CWE-767
Typ: Base
Podatności: 4
MITRE CWE ↗
← Słownik CWE