For cooperation with external actors the software has a dangerous Applications Programming Interface (API) containing unproperly limited method and function and causing other weaknesses related with different technique and approaches (e.g. ActiveX controls, Java functions, IOCTLs).
The vulnerability exposure is revealed through using of method/function only for a limited set of actors such as Internet-based access from a single web site but never for outside actors. Exposed Dangerous Method or Function allows attackers to gain privileges, obtain potentially sensitive data and even cause arbitrary code execution.
The weakness is introduced during Architecture and Design, Implementation stages.
Latest vulnerabilities for CWE-749
Description of CWE-749 on Mitre website