CWE-673: External Influence of Sphere Definition

The product does not prevent the definition of control spheres from external actors.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.

CWE-673: External Influence of Sphere Definition

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Frequently asked questions

What is CWE-673?

What CVEs are caused by CWE-673?

What are the consequences of CWE-673?

Is CWE-673 actively exploited?

References

Stay ahead of CWE-673

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-673?

What CVEs are caused by CWE-673?

What are the consequences of CWE-673?

Is CWE-673 actively exploited?

References

Stay ahead of CWE-673