CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote
ID
CWE-8
Abstraction
Variant
Structure
Simple
Status
Incomplete
When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | |
Implementation |
Loading...