CWE-669: Incorrect Resource Transfer Between Spheres

ClassDraft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Frequently Asked Questions

What is CWE-669: Incorrect Resource Transfer Between Spheres?+

CWE-669: Incorrect Resource Transfer Between Spheres is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

What are the security consequences of Incorrect Resource Transfer Between Spheres?+

If exploited, CWE-669 (Incorrect Resource Transfer Between Spheres) it can compromise Confidentiality and Integrity, leading to outcomes such as Read Application Data, Modify Application Data and Unexpected State.

What are real-world examples of Incorrect Resource Transfer Between Spheres?+

MITRE documents real CVEs mapped to CWE-669, including CVE-2021-22909, CVE-2023-5227 and CVE-2005-0406. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-669 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More