CWE-767β€”Access to Critical Private Variable via Public Method

PUBLISHEDweakness record
released 2009-05-27 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-767
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2009-05-27
Latest Modification Date:
2025-12-11

Weakness Name

Access to Critical Private Variable via Public Method

Description

The product defines a public method that reads or modifies a private variable.

If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.

Common Consequences

Scope:
Integrity, Other
Impact:
Modify Application Data, Other

Related Weaknesses