CVEbaza.plSłownik CWECWE-669
Common Weakness Enumeration

CWE-669

Incorrect Resource Transfer Between Spheres

Kategoria: ClassCVE: 105
Opis

Produkt nie przenosi prawidłowo zasobu/zachowania do innej sfery lub nieprawidłowo importuje zasób/zachowanie z innej sfery, w sposób który zapewnia niezamierzoną kontrolę nad tym zasobem. Może to prowadzić do naruszeń bezpieczeństwa poprzez nieautoryzowany dostęp lub manipulację zasobami.

Description (EN)

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

Podatności CVE z CWE-669 (105)
9.9
CVSS
CRITICAL
CVE-2021-30120

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting proxy (e.g. Burp Suite) to change the value of MFARequered from True to False, there is no prompt for the second factor, but the user is still logged in.

pub. 2021-07-09
9.8
CVSS
CRITICAL
CVE-2025-67895

Podatność w Apache Airflow Providers Edge3 (wersje przed 2.0.0) umożliwia autorowi DAG wykonanie zdalnego kodu (RCE) w kontekście procesu webservera Airflow 2. Problem dotyczy wyłącznie instalacji, w których Edge3 provider był zainstalowany i skonfigurowany na Airflow 2.

pub. 2025-12-17
9.8
CVSS
CRITICAL
CVE-2022-4446

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.

pub. 2022-12-13
9.8
CVSS
CRITICAL
CVE-2020-24683

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

pub. 2020-12-22
9.8
CVSS
CRITICAL
CVE-2020-5800

The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.

pub. 2020-12-07
9.8
CVSS
CRITICAL
CVE-2020-15892

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.

pub. 2020-07-22
9.8
CVSS
CRITICAL
CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.

pub. 2019-10-02
9.8
CVSS
CRITICAL
CVE-2016-5062

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

pub. 2016-09-29
9.6
CVSS
CRITICAL
CVE-2022-20658

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

pub. 2022-01-14
9.1
CVSS
CRITICAL
CVE-2023-31114

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.

pub. 2023-06-07
8.8
CVSS
HIGH
CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

pub. 2026-03-24
8.8
CVSS
HIGH
CVE-2026-25253

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

pub. 2026-02-01
8.8
CVSS
HIGH
CVE-2021-45891

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.

pub. 2022-04-05
8.8
CVSS
HIGH
CVE-2021-24602

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

pub. 2021-08-23
8.8
CVSS
HIGH
CVE-2020-25917

Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.

pub. 2020-12-26
8.8
CVSS
HIGH
CVE-2019-13263

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

pub. 2019-08-27
8.8
CVSS
HIGH
CVE-2019-13266

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

pub. 2019-08-27
8.8
CVSS
HIGH
CVE-2019-11875

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords.

pub. 2019-05-24
8.6
CVSS
HIGH
CVE-2025-41645

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.

pub. 2025-05-13
8.5
CVSS
HIGH
CVE-2025-34158

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).

pub. 2025-08-21
Pokazano 20 z 105 podatności
Informacje
ID: CWE-669
Typ: Class
Podatności: 105
MITRE CWE ↗
← Słownik CWE
CWE-669 — Nieprawidłowe Przeniesienie Zasobu Między Sferami | Słownik CWE | CVEbaza.pl