CWE-767 – Access to Critical Private Variable via Public Method | Common Weakness Enumeration（CWE）

概要

CWE-767（Access to Critical Private Variable via Public Method）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

The product defines a public method that reads or modifies a private variable.

種別	名称	クラス	普遍性	OS / CPE
language	C++	—	Undetermined	—
language	C#	—	Undetermined	—
language	Java	—	Undetermined	—

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2024-36463	2024-11-26	The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.
CVE-2024-34162	2024-11-26	The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP…
CVE-2020-26868	2020-10-12	ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimat…
CVE-2016-8380	2018-04-05	The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

日付	名称	バージョン	重要度	コメント
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2012-05-11	CWE Content Team	2.2	—	updated Relationships
2014-07-30	CWE Content Team	2.8	—	updated Relationships, Taxonomy_Mappings
2017-11-08	CWE Content Team	3.0	—	updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings
2019-01-03	CWE Content Team	3.2	—	updated Taxonomy_Mappings
2020-02-24	CWE Content Team	4.0	—	updated Relationships
2021-03-15	CWE Content Team	4.4	—	updated Relationships
2023-01-31	CWE Content Team	4.10	—	updated Description
2023-04-27	CWE Content Team	4.11	—	updated Relationships, Time_of_Introduction, Type
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities