CWE-669: Incorrect Resource Transfer Between Spheres
low-riskThe product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Abstraction: Class
Common Consequences
Confidentiality
→
Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2020-1048 | 7.8 | 74.5% | — |
| CVE-2020-6862 | 5.3 | 13.3% | — |
| CVE-2020-15257 | 5.2 | 11.1% | — |
| CVE-2020-15257 | 5.2 | 11.1% | — |
| CVE-2019-13025 | 9.8 | 10.8% | — |
| CVE-2020-15892 | 9.8 | 0.9% | — |
| CVE-2012-2979 | 7.5 | 0.7% | — |
| CVE-2021-22900 | 7.2 | 0.7% | Y |
| CVE-2022-4446 | 9.8 | 0.7% | — |
| CVE-2021-24602 | 8.8 | 0.7% | — |
4
/ 100
low-risk
Active Threat
4/50 · Minimal
Exploit Availability
0/50 · Minimal