VYPR

CWE-749

Exposed Dangerous Method or Function

Base | Incomplete | Likelihood: Low

Description

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-500

CVEs mapped to this weakness (65)

page 4 of 4
  • CVE-2023-49583 | Dec 12, 2023
    risk 0.00 | cvss | epss 0.01

    SAP BTP Security Services Integration Library ([Node.js] @sap/xssec), versions < 3.6.0, allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

  • CVE-2023-26478 | Mar 2, 2023
    risk 0.00 | cvss | epss 0.01

    XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without…

  • CVE-2022-46156 | Nov 30, 2022
    risk 0.00 | cvss | epss 0.00

    The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The…

  • CVE-2018-8949 | Med | Mar 23, 2018
    risk 0.00 | cvss 4.3 | epss 0.01

    An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an…

  • CVE-2014-0758 | Feb 24, 2014
    risk 0.00 | cvss | epss 0.02

    An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.