CWE-673: External Influence of Sphere Definition
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not prevent the definition of control spheres from external actors.
扩展描述
Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.
常见后果
影响范围: Other
技术影响: Other
观察示例
参考: CVE-2008-2613
setuid program allows compromise using path that finds and loads a malicious library.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |