The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.
The product does not contain sufficient
technical or engineering documentation (whether on paper or
in electronic form) that contains descriptions of all the
relevant software/hardware elements of the product, such as
its usage, structure, architectural components, interfaces, design, implementation,
configuration, operation, etc.
Sensitive Information Uncleared Before Debug/Power State Transition
2
Base
-
The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
2
Base
High
The product uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.
Exposure of Information Through Shell Error Message
2
Variant
-
A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory.
Information Exposure through Microarchitectural State after Transient Execution
2
Base
-
The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.
The product performs CPU computations using
algorithms that are not as efficient as they could be for the
needs of the developer, i.e., the computations can be
optimized further.