CWE-766
Critical Data Element Declared Public
Description
The product declares a critical variable, field, or member to be public when intended security policy requires it to be private.
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Application Data, Modify Application Data
Scope
Impact
Reduce Maintainability
Potential Mitigations
Data should be private, static, and final whenever possible. This ensures that your code is protected by instantiating early, preventing access, and preventing tampering.
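The weakness beside the mitigation above, as an added Java example that is not part of the CWE entry; the class, field and method names are hypothetical. It also shows that `final` on a public array protects only the reference, not the contents.

```java
import java.util.List;

public class Cwe766Demo {
    // Weak form: critical fields are public, so any code holding a
    // reference can read or overwrite them without a check.
    static class WeakAccount {
        public String owner;
        public long balanceCents;
        // "final" fixes only the reference; the array contents stay writable.
        public static final String[] ADMIN_ROLES = {"admin"};
    }

    // Hardened form: private state, validated in one place, exposed read-only.
    static final class Account {
        private static final List<String> ADMIN_ROLES = List.of("admin"); // immutable list
        private final String owner;
        private long balanceCents;

        Account(String owner, long balanceCents) {
            if (owner == null || owner.isEmpty() || balanceCents < 0)
                throw new IllegalArgumentException("invalid account");
            this.owner = owner;
            this.balanceCents = balanceCents;
        }

        String owner() { return owner; }
        long balanceCents() { return balanceCents; }
        static boolean isAdminRole(String role) { return ADMIN_ROLES.contains(role); }

        // The only path that changes the balance, so the check cannot be skipped.
        void withdraw(long cents) {
            if (cents <= 0 || cents > balanceCents)
                throw new IllegalArgumentException("invalid withdrawal");
            balanceCents -= cents;
        }
    }

    public static void main(String[] args) {
        WeakAccount weak = new WeakAccount();
        weak.balanceCents = -1_000_000;        // accepted: no validation runs
        WeakAccount.ADMIN_ROLES[0] = "guest";  // compiles and succeeds despite "final"
        System.out.println("weak: " + weak.balanceCents + " / " + WeakAccount.ADMIN_ROLES[0]);

        Account acct = new Account("alice", 5_000);
        acct.withdraw(1_500);
        System.out.println("hardened: " + acct.balanceCents() + " / " + Account.isAdminRole("guest"));
        try { acct.withdraw(10_000); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```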
CVE-2010-3860: variables declared public allow remote read of system properties such as user name and home directory.
Applicable Platforms