CWE-767(Access to Critical Private Variable via Public Method)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。
The product defines a public method that reads or modifies a private variable.
| 類型 | 名稱 | 類 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | C++ | — | Undetermined | — |
| language | C# | — | Undetermined | — |
| language | Java | — | Undetermined | — |
下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。
| CVE | 公開時間 | 摘要 |
|---|---|---|
| CVE-2024-36463 | 2024-11-26 | The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. |
| CVE-2024-34162 | 2024-11-26 | The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP… |
| CVE-2020-26868 | 2020-10-12 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimat… |
| CVE-2016-8380 | 2018-04-05 | The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. |
| 日期 | 名稱 | 版本 | 重要性 | 評論 |
|---|---|---|---|---|
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Taxonomy_Mappings |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships, Time_of_Introduction, Type |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |