4 vulnerabilities classified as CWE-767 (Access to Critical Private Variable via Public Method). AI Chinese analysis included.
CWE-767 represents an access control weakness where a class exposes a private variable through a public method, effectively bypassing intended encapsulation boundaries. This flaw typically allows attackers to read sensitive internal state or modify critical variables with unexpected values, violating code assumptions and potentially exposing confidential data or facilitating further exploitation. Developers mitigate this risk by strictly adhering to encapsulation principles, ensuring private variables remain inaccessible outside their defining class. Instead of exposing raw variables, developers should implement controlled accessors or mutators that validate inputs and enforce business logic constraints. By limiting direct variable access and ensuring internal state integrity, organizations prevent unauthorized manipulation and maintain robust security postures against internal logic abuse.
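A validated mutator of the kind described above, as an added example that is not part of the CWE entry or of any product listed on this page. The `Product` class, the `Role` and `PriceResult` types, and the limits `kMaxPrice` and `kMaxStep` are assumptions chosen for illustration.

```cpp
#include <cmath>

// Added example: hardened counterpart to an unchecked price setter.
// All names and limits below are hypothetical.
enum class Role { Customer, PricingAdmin };
enum class PriceResult { Ok, Forbidden, Invalid, StepTooLarge };

class Product {
public:
    explicit Product(float initial) : price_(initial) {}

    // Read access hands out a copy, never a reference or pointer
    // to the private member.
    float price() const { return price_; }

    // The only write path. Every check runs before the member is
    // touched, so a rejected call leaves internal state unchanged.
    PriceResult changePrice(Role caller, float newPrice) {
        // Business rule: only the pricing role may write.
        if (caller != Role::PricingAdmin)
            return PriceResult::Forbidden;
        // Reject NaN, infinities, non-positive and absurd values.
        if (!std::isfinite(newPrice) || newPrice <= 0.0f ||
            newPrice > kMaxPrice)
            return PriceResult::Invalid;
        // Reject jumps larger than the allowed fraction per call.
        if (std::fabs(newPrice - price_) > price_ * kMaxStep)
            return PriceResult::StepTooLarge;
        price_ = newPrice;
        return PriceResult::Ok;
    }

private:
    static constexpr float kMaxPrice = 100000.0f; // assumed upper bound
    static constexpr float kMaxStep = 0.5f;       // assumed 50% max change
    float price_;
};
```

Returning a result code rather than silently clamping lets the caller log rejected writes, which is useful when reviewing attempts to push unexpected values into the object.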
```cpp
private:
    float price;
public:
    void changePrice(float newPrice) {
        price = newPrice;
    }
```

```java
public class Client {
    private int UID;
    public int PID;
    private String userName;

    public Client(String userName) {
        PID = getDefaultProfileID();
        UID = mapUserNametoUID( userName );
        this.userName = userName;
    }

    public void setPID(int ID) {
        UID = ID;
    }
}
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-36463 | Zabbix security vulnerability — Zabbix | 6.5 | Medium | 2024-11-26 |
| CVE-2024-34162 | Sharp MFP security vulnerability — Multiple MFPs (multifunction printers) | 5.3 | Medium | 2024-11-26 |
| CVE-2020-26868 | ARC Informatique PcVue Access to Critical Private Variable via Public Method — PcVue | 7.5 | High | 2020-10-12 |
| CVE-2016-8380 | Phoenix Contact ILC PLC authorization issue vulnerability — Phoenix Contact ILC PLCs | 7.3 | - | 2018-04-05 |
4 CVEs are classified as CWE-767 (Access to Critical Private Variable via Public Method). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.