CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
- Abstraction: Class
- Structure: Simple
- Status: Draft
- Release Date: 2007-05-07
- Latest Modification Date: 2025-04-03
Weakness Name
Externally Controlled Reference to a Resource in Another Sphere
Description
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Common Consequences
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
Notes: An adversary could read or modify data, depending on how the resource is intended to be used.
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.
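The weakness in the Description, shown for one concrete kind of reference (a file name resolved against a base directory). This is an added example, not part of the CWE entry; the `uploads` directory, the file names, and the function names are assumptions made for illustration, and all sample files are constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path


class OutsideSphereError(ValueError):
    """The reference resolves to a resource outside the intended directory."""


def resolve_unchecked(base: Path, name: str) -> Path:
    # Weak form: the externally supplied name alone decides where the path ends up.
    return Path(os.path.normpath(base / name))


def resolve_in_sphere(base: Path, name: str) -> Path:
    # Hardened form: resolve "..", absolute names and symlinks first, then
    # require the result to stay under the resolved base directory.
    root = base.resolve()
    target = (root / name).resolve()
    if not target.is_relative_to(root):
        raise OutsideSphereError(f"{name!r} resolves outside {root}")
    return target


def demo() -> dict:
    # Constructed layout: <tmp>/uploads is the control sphere, <tmp>/secret.txt is not.
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp_path = Path(tmp).resolve()
        base = tmp_path / "uploads"
        base.mkdir()
        (base / "report.txt").write_text("public")
        (tmp_path / "secret.txt").write_text("private")
        (base / "link").symlink_to(tmp_path / "secret.txt")
        cases = {"report.txt": "report.txt", "../secret.txt": "../secret.txt",
                 "link": "link", "<absolute>": str(tmp_path / "secret.txt")}
        for label, name in cases.items():
            escapes = not resolve_unchecked(base, name).is_relative_to(base)
            try:
                resolve_in_sphere(base, name)
                verdict = "allowed"
            except OutsideSphereError:
                verdict = "rejected"
            results[label] = (escapes, verdict)  # (lexical path escapes?, hardened verdict)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The `link` case is the one a purely lexical check misses: the name stays inside `uploads`, but the symlink it names resolves outside. Callers should open the path returned by `resolve_in_sphere`, not the original name, and the check does not remove the race between resolution and use.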