CWE-471 - Modification of Assumed-Immutable Data

Description

The software does not properly protect an assumed-immutable element from being modified by an attacker.

This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.

Latest vulnerabilities for CWE-471

Modification of assumed-immutable data in HID Global SAFE 2023-06-02
Medium No

Multiple vulnerabilities in AzeoTech DAQFactory 2021-11-08
High No

Multiple vulnerabilities in Siemens SINEMA Remote Connect Server 2021-09-16
Low Yes

Security restrictions bypass in WooCommerce PayPal Checkout Payment Gateway plugin for WordPress 2019-03-21
Medium Yes

Security restrictions bypass in woocommercereport WooCommerce PayPal Checkout Payment Gateway for WordPress 2019-01-27
Medium Yes

References

Description of CWE-471 on Mitre website