CWE-8

J2EE Misconfiguration: Entity Bean Declared Remote

Variant

Incomplete

Description

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.

Parent Weaknesses (ChildOf)

CWE-668: Exposure of Resource to Wrong ...

Common Consequences

Scope

Confidentiality

Integrity

Impact

Read Application Data, Modify Application Data

Potential Mitigations

Implementation

Declare Java beans "local" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker.

Applicable Platforms

Java

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now