CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote

ID CWE-8

Abstraction Variant

Structure Simple

Status Incomplete

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.

Modes of Introduction

Phase	Note
Architecture and Design
Implementation

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-668	Exposure of Resource to Wrong Sphere	Class	Simple	Draft