CWE-9:J2EE Misconfiguration: Weak Access Permissions for EJB Methods

概览

CWE-9(J2EE Misconfiguration: Weak Access Permissions for EJB Methods)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product.

适用平台

类型 名称 普遍性 OS / CPE
language Java Undetermined

曾用名

  • J2EE Misconfiguration: Weak Access Permissions (2008-04-11)

内容提交

名称
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Relationships
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-06-23 CWE Content Team 2.7 updated Description, Other_Notes
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities
cvelogic Threat Intelligence