VYPR

CWE-694

Use of Multiple Resources with Duplicate Identifier

BaseIncomplete

Description

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Hierarchy (View 1000)

CVEs mapped to this weakness (6)

  • CVE-2025-13609HigNov 24, 2025
    risk 0.46cvss 8.2epss 0.00

    A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's…

  • CVE-2026-5794MedApr 28, 2026
    risk 0.32cvss epss 0.00

    A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.

  • CVE-2024-41146MedDec 12, 2024
    risk 0.30cvss 4.6epss 0.00

    Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device…

  • CVE-2025-59048Oct 23, 2025
    risk 0.00cvss epss 0.00

    OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by…

  • CVE-2020-15187Sep 17, 2020
    risk 0.00cvss epss 0.01

    In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution…

  • CVE-2020-15185Sep 17, 2020
    risk 0.00cvss epss 0.01

    In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this…