CWE•Base•Draft•5 recent CVEs

CWE-488Exposure of Data Element to Wrong Session

Description

The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.

[object Object]

Common consequences

Confidentiality→Read Application Data

Potential mitigations

Architecture and Design
Protect the application's sessions from information leakage. Make sure that a session's data is not used or visible by other sessions.
Testing
Use a static analysis tool to scan the code for information leakage vulnerabilities (e.g. Singleton Member Field).
Architecture and Design
In a multithreading environment, storing user data in Servlet member fields introduces a data access race condition. Do not use member fields to store information in the Servlet.

Recent CVEs classified under this CWE

CVE-2026-98316.32026-05-29 CVE-2026-464166.32026-05-27 CVE-2025-249345.42025-10-22 CVE-2024-110945.32024-11-16 CVE-2023-65197.52024-02-08

Description

Common consequences

Potential mitigations

Related CWEs

Recent CVEs classified under this CWE