CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Description

This weakness occurs when an attacker can change inputs such as cookies, environment variables, and hidden form fields using customized clients or other attacks. Sometimes the system might not detect the change. When security decisions such as authentication and authorization are based on the values of these inputs, attackers can bypass the security of the software.
As a result the vulnerability can cause modification of sensitive data, system crash, or execution of arbitrary code.
The vulnerability is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-807

Multiple vulnerabilities in Mozilla Firefox 2022-06-29
High Yes

Multiple vulnerabilities in Zoom Client 2022-05-24
Medium Yes

Information disclosure in KOYO Electronics Screen Creator Advance2 2022-05-09
Low Yes

Information disclosure in Cisco Firepower Management Center Software 2022-04-28
Low Yes

Information disclosure in Zoom client for Windows 2020-04-01
Medium Yes

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR 2020-01-07
High Yes

Multiple vulnerabilities in Schneider Electric Modicon Controllers 2019-09-17
High Yes

References

Description of CWE-807 on Mitre website