VYPR

CWE-642

External Control of Critical State Data

Class · Draft · Likelihood: High

Description

The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.

Related attack patterns (CAPEC)

CAPEC-21 · CAPEC-31

CVEs mapped to this weakness (6)

  • CVE-2018-15382 · High · Oct 5, 2018
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by…

  • CVE-2024-22387 · Medium · Jul 11, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security…

  • CVE-2026-29146 · High · Apr 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.04

    Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through…

  • CVE-2017-0928 · Medium · Jun 4, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

  • CVE-2025-49090 · High · Oct 2, 2025
    risk 0.39 · cvss 7.1 · epss 0.00

    The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.

  • CVE-2026-35659 · Medium · Apr 10, 2026
    risk 0.23 · cvss 4.6 · epss 0.00

    OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by…