CWE-668: Exposure of Resource to Wrong Sphere
Weakness ID: 668
Vulnerability Mapping: DISCOURAGED (this CWE ID should not be used to map to real-world vulnerabilities)
Abstraction: Class (a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.)
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Resources such as files and directories may be inadvertently exposed through mechanisms such as insecure permissions, or when a program accidentally operates on the wrong object. For example, a program may intend that private files can only be provided to a specific user. This effectively defines a control sphere that is intended to prevent attackers from accessing these private files. If the file permissions are insecure, then parties other than the user will be able to access those files.
A separate control sphere might effectively require that the user can only access the private files, but not any other files on the system. If the program does not ensure that the user is only requesting private files, then the user might be able to access other files on the system.
In either case, the end result is that a resource has been exposed to the wrong party.
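The two control spheres described above, as an added example that is not part of the CWE entry: one function creates a user's private file so that only its owner can read it and another audits the group/other permission bits; a third confines every requested name to the requesting user's own directory, so a request that resolves elsewhere (by traversal or by a symlink) is refused. The directory layout, user names and file contents are constructed for the demo.

```python
"""Added example (not MITRE's code): two control spheres around per-user
private files, and the checks that keep each sphere intact.

Sphere 1: a user's private file must be readable by that user only, so it is
          created with mode 0o600 and audited for group/other permission bits.
Sphere 2: a user may only request files under their own directory, so every
          requested name is resolved and confined to that directory before use.

Paths, user names and file contents below are constructed for the demo.
"""
import os
import stat
import tempfile

# Permission bits that would let group members or other users read/write the file.
EXPOSED_BITS = stat.S_IRWXG | stat.S_IRWXO


def create_private_file(path: str, data: bytes) -> None:
    """Create a file that only its owner can read or write (mode 0o600).
    O_EXCL refuses to reuse a pre-existing file, whose mode we would not control."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def exposed_permission_bits(path: str) -> int:
    """Return the group/other bits set on the file; non-zero means it is
    readable or writable outside the owner's sphere (the insecure-permissions case)."""
    return stat.S_IMODE(os.stat(path).st_mode) & EXPOSED_BITS


def resolve_private_file(home_root: str, user: str, requested: str) -> str:
    """Map a user's request to a path inside that user's own directory.

    Raises PermissionError when the resolved path (symlinks included) escapes
    the user's directory: the wrong-object case from the description."""
    user_dir = os.path.realpath(os.path.join(home_root, user))
    candidate = os.path.realpath(os.path.join(user_dir, requested))
    if os.path.commonpath([user_dir, candidate]) != user_dir:
        raise PermissionError(f"{requested!r} is outside {user}'s private files")
    return candidate


def demo() -> dict:
    """Exercise both spheres in a throwaway directory and return what was observed."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "alice"))
        os.makedirs(os.path.join(root, "bob"))
        create_private_file(os.path.join(root, "alice", "notes.txt"), b"alice only")
        create_private_file(os.path.join(root, "bob", "notes.txt"), b"bob only")

        # Sphere 1: a correctly created file has no group/other bits set ...
        results["alice_exposed_bits"] = exposed_permission_bits(
            os.path.join(root, "alice", "notes.txt"))
        # ... while a world-readable copy is what a permissions audit should flag.
        leaky = os.path.join(root, "bob", "leaky.txt")
        create_private_file(leaky, b"bob only")
        os.chmod(leaky, 0o644)
        results["leaky_exposed_bits"] = exposed_permission_bits(leaky)

        # Sphere 2: alice may read her own file ...
        ok = resolve_private_file(root, "alice", "notes.txt")
        results["alice_own_file"] = ok.endswith(os.path.join("alice", "notes.txt"))
        # ... but a name that resolves into bob's directory is refused.
        try:
            resolve_private_file(root, "alice", os.path.join("..", "bob", "notes.txt"))
            results["traversal_blocked"] = False
        except PermissionError:
            results["traversal_blocked"] = True
        # A symlink inside alice's directory that points at bob's file is refused too,
        # because the check runs on the resolved (real) path.
        os.symlink(os.path.join(root, "bob", "notes.txt"),
                   os.path.join(root, "alice", "link.txt"))
        try:
            resolve_private_file(root, "alice", "link.txt")
            results["symlink_blocked"] = False
        except PermissionError:
            results["symlink_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two checks are independent: a correct mode on the file does nothing if the program hands out the wrong file, and a correct path check does nothing if other local users can read the file directly, which is why the description treats them as separate spheres.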
This table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
| Impact | Details |
| Read Application Data | Scope: Confidentiality. Likelihood: High. An adversary that gains access to a resource exposed to a wrong sphere could potentially retrieve private data from that resource, thus breaking the intended confidentiality of that data. |
| Modify Application Data | Scope: Integrity. Likelihood: Medium. An adversary that gains access to a resource exposed to a wrong sphere could potentially modify data held within that resource, thus breaking the intended integrity of that data and causing the system relying on that resource to make unintended decisions. |
| Varies by Context | Scope: Other. The consequences may vary widely depending on how the product uses the affected resource. |
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
The Type column uses the following entry types:
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).
Category - a CWE entry that contains a set of other entries that share a common characteristic.
Relevant to the view "Research Concepts" (View-1000)
| Nature | Type | ID | Name |
| ChildOf | Pillar | 664 | Improper Control of a Resource Through its Lifetime |
| ParentOf | Variant | 8 | J2EE Misconfiguration: Entity Bean Declared Remote |
| ParentOf | Base | 134 | Use of Externally-Controlled Format String |
| ParentOf | Class | 200 | Exposure of Sensitive Information to an Unauthorized Actor |
| ParentOf | Base | 374 | Passing Mutable Objects to an Untrusted Method |
| ParentOf | Base | 375 | Returning a Mutable Object to an Untrusted Caller |
| ParentOf | Class | 377 | Insecure Temporary File |
| ParentOf | Class | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| ParentOf | Base | 427 | Uncontrolled Search Path Element |
| ParentOf | Base | 428 | Unquoted Search Path or Element |
| ParentOf | Base | 488 | Exposure of Data Element to Wrong Session |
| ParentOf | Variant | 491 | Public cloneable() Method Without Final ('Object Hijack') |
| ParentOf | Variant | 492 | Use of Inner Class Containing Sensitive Data |
| ParentOf | Variant | 493 | Critical Public Variable Without Final Modifier |
| ParentOf | Variant | 498 | Cloneable Class Containing Sensitive Information |
| ParentOf | Variant | 499 | Serializable Class Containing Sensitive Data |
| ParentOf | Class | 522 | Insufficiently Protected Credentials |
| ParentOf | Base | 524 | Use of Cache Containing Sensitive Information |
| ParentOf | Base | 552 | Files or Directories Accessible to External Parties |
| ParentOf | Variant | 582 | Array Declared Public, Final, and Static |
| ParentOf | Variant | 583 | finalize() Method Declared Public |
| ParentOf | Variant | 608 | Struts: Non-private Field in ActionForm Class |
| ParentOf | Class | 642 | External Control of Critical State Data |
| ParentOf | Class | 732 | Incorrect Permission Assignment for Critical Resource |
| ParentOf | Base | 767 | Access to Critical Private Variable via Public Method |
| ParentOf | Variant | 927 | Use of Implicit Intent for Sensitive Communication |
| ParentOf | Base | 1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
| ParentOf | Base | 1282 | Assumed-Immutable Data is Stored in Writable Memory |
| ParentOf | Base | 1327 | Binding to an Unrestricted IP Address |
| ParentOf | Base | 1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) |
| CanFollow | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CanFollow | Class | 441 | Unintended Proxy or Intermediary ('Confused Deputy') |
| CanFollow | Variant | 942 | Permissive Cross-domain Security Policy with Untrusted Domains |
Relevant to the view "Weaknesses for Simplified Mapping of Published Vulnerabilities" (View-1003)
| Nature | Type | ID | Name |
| MemberOf | View | 1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities |
| ParentOf | Base | 134 | Use of Externally-Controlled Format String |
| ParentOf | Base | 426 | Untrusted Search Path |
| ParentOf | Base | 427 | Uncontrolled Search Path Element |
| ParentOf | Base | 428 | Unquoted Search Path or Element |
| ParentOf | Base | 552 | Files or Directories Accessible to External Parties |
Relevant to the view "Architectural Concepts" (View-1008)
| Nature | Type | ID | Name |
| MemberOf | Category | 1011 | Authorize Actors |
The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.
| Phase | Note |
| Architecture and Design | |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | |
| Ordinality | Description |
| Primary | (where the weakness exists independent of other weaknesses) |
| Resultant | (where the weakness is typically related to the presence of some other weaknesses) |
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
| Nature | Type | ID | Name |
| MemberOf | Category | 963 | SFP Secondary Cluster: Exposed Data |
| MemberOf | Category | 1345 | OWASP Top Ten 2021 Category A01:2021 - Broken Access Control |
| MemberOf | Category | 1364 | ICS Communications: Zone Boundary Failures |
| MemberOf | Category | 1403 | Comprehensive Categorization: Exposed Resource |
| MemberOf | Category | 1436 | OWASP Top Ten 2025 Category A01:2025 - Broken Access Control |
Vulnerability Mapping Notes
| Usage | DISCOURAGED (this CWE ID should not be used to map to real-world vulnerabilities) |
| Reasons | Frequent Misuse, Frequent Misinterpretation, Abstraction |
| Rationale | CWE-668 is high-level and is often misused as a catch-all when lower-level children might be applicable. It is sometimes used for low-information vulnerability reports [REF-1287]. It is a level-1 Class (i.e., a child of a Pillar). It is not useful for trend analysis. |
| Comments | Frequent misuse appears to be related to access control issues (poor authorization (CWE-285) or authentication (CWE-287)); insertion of sensitive information (CWE-201) or improper removal of sensitive information (CWE-212); or others. Closely analyze the specific mistake that is allowing the resource to be exposed, and perform a CWE mapping for that mistake. It is highly likely that CWE-668's children or descendants could apply. |
Theoretical Notes
A "control sphere" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product's security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for "administrators" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be "users who are authenticated to the operating system on which the product is installed." Each sphere has different sets of actors and allowable behaviors.
Submissions
| Submission Date | Submitter | Organization |
| 2008-04-11 (CWE Draft 9, 2008-04-11) | CWE Content Team | MITRE |
Modifications
| Modification Date | Modifier | Organization | Comment |
| 2026-04-30 (CWE 4.20, 2026-04-30) | CWE Content Team | MITRE | updated Mapping_Notes |
| 2025-12-11 (CWE 4.19, 2025-12-11) | CWE Content Team | MITRE | updated Applicable_Platforms, Relationships, Weakness_Ordinalities |
| 2025-04-03 (CWE 4.17, 2025-04-03) | CWE Content Team | MITRE | updated Common_Consequences, Relationships |
| 2023-06-29 (CWE 4.12, 2023-06-29) | CWE Content Team | MITRE | updated Mapping_Notes |
| 2023-04-27 (CWE 4.11, 2023-04-27) | CWE Content Team | MITRE | updated Relationships |
| 2022-10-13 (CWE 4.9, 2022-10-13) | CWE Content Team | MITRE | updated References |
| 2022-04-28 (CWE 4.7, 2022-04-28) | CWE Content Team | MITRE | updated Relationships |
| 2021-10-28 (CWE 4.6, 2021-10-28) | CWE Content Team | MITRE | updated Relationships |
| 2021-03-15 (CWE 4.4, 2021-03-15) | CWE Content Team | MITRE | updated Relationships |
| 2020-06-25 (CWE 4.1, 2020-06-25) | CWE Content Team | MITRE | updated Relationships |
| 2020-02-24 (CWE 4.0, 2020-02-24) | CWE Content Team | MITRE | updated Relationships |
| 2019-06-20 (CWE 3.3, 2019-06-20) | CWE Content Team | MITRE | updated Relationships |
| 2019-01-03 (CWE 3.2, 2019-01-03) | CWE Content Team | MITRE | updated Relationships |
| 2017-11-08 (CWE 3.0, 2017-11-08) | CWE Content Team | MITRE | updated Modes_of_Introduction, Relationships, Relevant_Properties |
| 2017-01-19 (CWE 2.10, 2017-01-19) | CWE Content Team | MITRE | updated Relationships |
| 2015-12-07 (CWE 2.9, 2015-12-07) | CWE Content Team | MITRE | updated Relationships |
| 2014-07-30 (CWE 2.8, 2014-07-31) | CWE Content Team | MITRE | updated Relationships |
| 2014-06-23 (CWE 2.7, 2014-06-23) | CWE Content Team | MITRE | updated Relationships |
| 2013-07-17 (CWE 2.5, 2013-07-17) | CWE Content Team | MITRE | updated Relationships |
| 2013-02-21 (CWE 2.4, 2013-02-21) | CWE Content Team | MITRE | updated Relationships |
| 2012-05-11 (CWE 2.2, 2012-05-15) | CWE Content Team | MITRE | updated Relationships |
| 2011-06-01 (CWE 1.13, 2011-06-01) | CWE Content Team | MITRE | updated Common_Consequences |
| 2011-03-29 (CWE 1.12, 2011-03-30) | CWE Content Team | MITRE | updated Relationships |
| 2010-09-27 (CWE 1.10, 2010-09-27) | CWE Content Team | MITRE | updated Relationships |
| 2009-12-28 (CWE 1.7, 2009-12-28) | CWE Content Team | MITRE | updated Relationships |
| 2009-10-29 (CWE 1.6, 2009-10-29) | CWE Content Team | MITRE | updated Other_Notes, Theoretical_Notes |
| 2009-07-27 (CWE 1.5, 2009-07-27) | CWE Content Team | MITRE | updated Description, Relationships |
| 2009-07-22 (CWE 1.5, 2009-07-27) | CWE Content Team | MITRE | Clarified description to include permissions. |
| 2009-05-27 (CWE 1.4, 2009-05-27) | CWE Content Team | MITRE | updated Relationships |
| 2008-11-24 (CWE 1.1, 2008-11-25) | CWE Content Team | MITRE | updated Relationships |
| 2008-09-08 (CWE 1.0, 2008-09-09) | CWE Content Team | MITRE | updated Relationships, Other_Notes |
| 2008-07-01 (CWE 1.0, 2008-09-09) | Eric Dalci | Cigital | updated Time_of_Introduction |