CWE-668: Exposure of Resource to Wrong Sphere
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Common Consequences
Scope: Confidentiality
Technical Impact: Read Application Data
Note: An adversary that gains access to a resource exposed to a wrong sphere could potentially retrieve private data from that resource, thus breaking the intended confidentiality of that data.
Scope: Integrity
Technical Impact: Modify Application Data
Note: An adversary that gains access to a resource exposed to a wrong sphere could potentially modify data held within that resource, thus breaking the intended integrity of that data and causing the system relying on that resource to make unintended decisions.
Scope: Other
Technical Impact: Varies by Context
Note: The consequences may vary widely depending on how the product uses the affected resource.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | - |