CWE-668: Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Abstraction: Class
Common Consequences
Confidentiality → Read Application Data
Integrity → Modify Application Data
Other → Varies by Context
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-39952 | 9.8 | 93.8% | — |
| CVE-2018-6910 | 7.5 | 92.8% | — |
| CVE-2020-27361 | 7.5 | 89.4% | — |
| CVE-2023-37599 | 7.5 | 85.6% | — |
| CVE-2021-45420 | 9.8 | 82.3% | — |
| CVE-2024-25153 | 9.8 | 82.2% | — |
| CVE-2023-33510 | 7.5 | 74.0% | — |
| CVE-2022-24900 | 9.9 | 73.3% | — |
| CVE-2022-34047 | 7.5 | 59.2% | — |
| CVE-2019-12928 | 9.8 | 54.1% | — |
6 / 100 · low-risk
Active Threat: 6/50 · Minimal
Exploit Availability: 0/50 · Minimal