VYPR

CWE-15

External Control of System or Configuration Setting

BaseIncomplete

Description

One or more system settings or configuration elements can be externally controlled by a user.

Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-146 · CAPEC-176 · CAPEC-203 · CAPEC-270 · CAPEC-271 · CAPEC-579 · CAPEC-69 · CAPEC-76 · CAPEC-77

CVEs mapped to this weakness (44)

page 3 of 3
  • CVE-2025-62527Oct 20, 2025
    risk 0.00cvss epss 0.00

    Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim.…

  • CVE-2025-43792Sep 15, 2025
    risk 0.00cvss epss 0.00

    Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the…

  • CVE-2024-23639Feb 9, 2024
    risk 0.00cvss epss 0.00

    Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks.…

  • CVE-2023-32076May 10, 2023
    risk 0.00cvss epss 0.00

    in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and…