CWE-493
Critical Public Variable Without Final Modifier
Description
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
If a field is non-final and public, it can be changed once the value is set by any function that has access to the class which contains the field. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Modify Application Data
Scope
Impact
Read Application Data
Potential Mitigations
Declare all public fields as final when possible, especially if it is used to maintain internal state of an Applet or of classes used by an Applet. If a field must be public, then perform all appropriate sanity checks before accessing the field from your code.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now