CWE-15
External Control of System or Configuration Setting
Description
One or more system settings or configuration elements can be externally controlled by a user.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-13 · CAPEC-146 · CAPEC-176 · CAPEC-203 · CAPEC-270 · CAPEC-271 · CAPEC-579 · CAPEC-69 · CAPEC-76 · CAPEC-77
CVEs mapped to this weakness (44)
page 3 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62527 | | | 0.00 | — | 0.00 | | Oct 20, 2025 | Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim.… |
| CVE-2025-43792 | | | 0.00 | — | 0.00 | | Sep 15, 2025 | Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the… |
| CVE-2024-23639 | | | 0.00 | — | 0.00 | | Feb 9, 2024 | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks.… |
| CVE-2023-32076 | | | 0.00 | — | 0.00 | | May 10, 2023 | in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and… |