CWE-1048: Invokable Control Element with Large Number of Outward Calls
The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e. a Fan-Out value that is excessively large.
Last updated
Overview
While the interpretation of "excessively large Fan-Out value" may vary for each product or developer, CISQ recommends a default of 5 referenced objects.
Common consequences
What can happen when CWE-1048 is exploited.
Reduce Maintainability, Increase Analytical Complexity
Affects: Other
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Terminology & mappings
Mapped taxonomies
- OMG ASCMM (ASCMM-MNT-4)
Frequently asked questions
Common questions about CWE-1048.
- What is CWE-1048?
- The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e. a Fan-Out value that is excessively large.
- What are the consequences of CWE-1048?
- Exploiting CWE-1048 can lead to: Reduce Maintainability, Increase Analytical Complexity.
References
- MITRE CWE definition (CWE-1048) (opens in a new tab)
- CWE-1048 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1048
Get alerted the moment a new CWE-1048 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.