CWE-706: Use of Incorrectly-Resolved Name or Reference

Description

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Extended Description

N/A

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

Attack TTPs

T1036 — Masquerading (defense-evasion)
T1574.008 — Path Interception by Search Order Hijacking (persistence, privilege-escalation, defense-evasion)
T1574.002 — DLL Side-Loading (persistence, privilege-escalation, defense-evasion)

Malware

APTs (Intrusion Sets)

Modes of Introduction

Phase	Note
Architecture and Design	N/A
Implementation	N/A

Common Consequences

Impact: Read Application Data, Modify Application Data — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list