CWE-610: Externally Controlled Reference to a Resource in Another Sphere
low-risk
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Abstraction: Class
Common Consequences
Confidentiality → Read Application Data
Access Control → Gain Privileges or Assume Identity
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-27593 | 10.0 | 93.1% | Y |
| CVE-2022-27593 | 10.0 | 93.1% | Y |
| CVE-2020-5412 | 6.5 | 92.3% | — |
| CVE-2022-2633 | 7.5 | 89.7% | — |
| CVE-2017-18357 | 6.5 | 57.3% | — |
| CVE-2017-0211 | 5.5 | 22.3% | — |
| CVE-2022-2431 | 8.1 | 17.1% | — |
| CVE-2023-30943 | 6.5 | 17.1% | — |
| CVE-2021-27648 | 9.0 | 10.1% | — |
| CVE-2021-27648 | 9.0 | 10.1% | — |
5 / 100 · low-risk
Active Threat: 4/50 · Minimal
Exploit Availability: 1/50 · Minimal