CWE-749 - Exposed Dangerous Method or Function

Description

For cooperation with external actors the software has a dangerous Applications Programming Interface (API) containing unproperly limited method and function and causing other weaknesses related with different technique and approaches (e.g. ActiveX controls, Java functions, IOCTLs).
The vulnerability exposure is revealed through using of method/function only for a limited set of actors such as Internet-based access from a single web site but never for outside actors. Exposed Dangerous Method or Function allows attackers to gain privileges, obtain potentially sensitive data and even cause arbitrary code execution.
The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-749

Multiple vulnerabilities in Oracle Documaker 2024-04-17
High Yes

Exposed dangerous method or function in Oracle Web Services Manager 2024-04-17
High Yes

Multiple vulnerabilities in IBM Sterling B2B Integrator 2024-04-15
Medium Yes

Multiple vulnerabilities in TP-Link AC1350 and N300 2024-04-12
Medium Yes

Multiple vulnerabilities in IBM Business Automation Workflow 2024-04-09
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-02
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Business Automation 2024-02-27
High Yes

Multiple vulnerabilities in IBM Data Risk Manager 2024-01-31
High Yes

Multiple vulnerabilities in IBM Disconnected Log Collector 2024-01-31
High Yes

Multiple vulnerabilities in IBM Security Guardium 2024-01-25
Medium Yes

References

Description of CWE-749 on Mitre website