CWE-610βExternally Controlled Reference to a Resource in Another Sphere
PUBLISHEDweakness record
released 2007-05-07 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-610
- Abstraction:
- Class
- Structure:
- Simple
- Status:
- Draft
- Release Date:
- 2007-05-07
- Latest Modification Date:
- 2025-12-11
Weakness Name
Externally Controlled Reference to a Resource in Another Sphere
Description
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Common Consequences
- Scope:
- Confidentiality, Integrity
- Impact:
- Read Application Data, Modify Application Data
- Notes:
- An adversary could read or modify data, depending on how the resource is intended to be used.
- Scope:
- Access Control
- Impact:
- Gain Privileges or Assume Identity
- Notes:
- An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.