CWE-767
Access to Critical Private Variable via Public Method
Extended description
If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.
Common consequences (1)
- Scope: Integrity, Other. Impact: Modify Application Data, Other.
Potential mitigations (1)
- Implementation
Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
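
The mitigation above as an added C++ example, not part of the CWE entry: a class whose public methods expose a critical private field, next to a version whose accessor returns a copy and whose mutator checks the caller and validates the value. The class names, the `Role` enum and the limit range are assumptions made for illustration.

```cpp
// Added example (not from the CWE entry). Account, Role and the range are hypothetical.
#include <stdexcept>

enum class Role { Guest, Operator, Admin };

// Weak form: the field is private, but public methods hand out full control of it.
class WeakAccount {
    long limit_cents_ = 100000;                    // critical private variable
public:
    void setLimit(long v) { limit_cents_ = v; }    // no validation, no access check
    long& limit() { return limit_cents_; }         // mutable reference aliases the field
    long current() const { return limit_cents_; }
};

// Hardened form: reads are by value, writes are authorized and validated.
class Account {
    long limit_cents_ = 100000;
public:
    static constexpr long kMaxLimit = 5000000;
    long limit() const { return limit_cents_; }    // copy, caller cannot alias the field
    void setLimit(Role caller, long v) {
        if (caller != Role::Admin)
            throw std::runtime_error("caller not authorized to change limit");
        if (v < 0 || v > kMaxLimit)
            throw std::out_of_range("limit outside allowed range");
        limit_cents_ = v;                          // only reached for valid, authorized input
    }
};

// Returns true if the hardened mutator rejects the request and leaves state intact.
bool rejected(Account& a, Role r, long v) {
    long before = a.limit();
    try { a.setLimit(r, v); }
    catch (const std::exception&) { return a.limit() == before; }
    return false;
}

int main() {
    WeakAccount w;
    w.setLimit(-1);          // accepted: the "limit >= 0" assumption is silently broken
    w.limit() = 999999999;   // accepted: direct write through the returned reference
    Account a;
    bool ok = rejected(a, Role::Guest, 500) && rejected(a, Role::Admin, -1);
    a.setLimit(Role::Admin, 250000);
    return (ok && a.limit() == 250000) ? 0 : 1;
}
```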
Relationships (1)
- ChildOf CWE-668
CVEs referencing this CWE (4)
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2016-8380 | The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | NONE | 11% (p95) | PoC | 2024-11-21 |
| CVE-2020-26868 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit. | HIGH 7.5 | 2.11% (p79) | | 2024-11-21 |
| CVE-2024-34162 | The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | MEDIUM 5.3 | 0.99% (p58) | | 2026-04-15 |
| CVE-2024-36463 | The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. | HIGH 8.8 | 0.78% (p51) | | 2025-10-08 |