CWE-669
Allowed-with-ReviewIncorrect Resource Transfer Between Spheres
Abstraction: Class · Status: Draft
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
144 vulnerabilities reference this CWE, most recent first.
GHSA-PHP9-88RP-7QWR
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.
{
"affected": [],
"aliases": [
"CVE-2021-20411"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-12T17:15:00Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.",
"id": "GHSA-php9-88rp-7qwr",
"modified": "2022-05-24T17:42:02Z",
"published": "2022-05-24T17:42:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20411"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196191"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6414777"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PMXF-4V8C-RWR7
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2022-06-28 14:10Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.grails:grails-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-12728"
],
"database_specific": {
"cwe_ids": [
"CWE-494",
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-28T14:10:27Z",
"nvd_published_at": "2019-06-04T13:29:00Z",
"severity": "HIGH"
},
"details": "Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users\u0027 apps were not resolving dependencies over cleartext HTTP.",
"id": "GHSA-pmxf-4v8c-rwr7",
"modified": "2022-06-28T14:10:27Z",
"published": "2022-05-24T16:47:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12728"
},
{
"type": "WEB",
"url": "https://github.com/grails/grails-core/issues/11250"
},
{
"type": "WEB",
"url": "https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Resource Transfer Between Spheres in Grails"
}
GHSA-Q42F-8H4Q-G7MM
Vulnerability from github – Published: 2026-04-16 09:31 – Updated: 2026-04-16 09:31In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2026-41030"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-16T07:16:30Z",
"severity": "MODERATE"
},
"details": "In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.",
"id": "GHSA-q42f-8h4q-g7mm",
"modified": "2026-04-16T09:31:44Z",
"published": "2026-04-16T09:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41030"
},
{
"type": "WEB",
"url": "https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q539-3F98-VMMM
Vulnerability from github – Published: 2023-06-07 21:30 – Updated: 2024-04-04 04:39An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.
{
"affected": [],
"aliases": [
"CVE-2023-31115"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-07T21:15:13Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.",
"id": "GHSA-q539-3f98-vmmm",
"modified": "2024-04-04T04:39:56Z",
"published": "2023-06-07T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31115"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q963-V9W4-PQP9
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-10-25 19:00The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
{
"affected": [],
"aliases": [
"CVE-2021-24602"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-23T12:15:00Z",
"severity": "HIGH"
},
"details": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page",
"id": "GHSA-q963-v9w4-pqp9",
"modified": "2022-10-25T19:00:24Z",
"published": "2022-05-24T19:11:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24602"
},
{
"type": "WEB",
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPPP-W788-JHGH
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
{
"affected": [],
"aliases": [
"CVE-2016-5062"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-29T10:59:00Z",
"severity": "CRITICAL"
},
"details": "The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.",
"id": "GHSA-qppp-w788-jhgh",
"modified": "2022-05-17T02:51:04Z",
"published": "2022-05-17T02:51:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5062"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/706359"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93208"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R2C6-8JC8-G32W
Vulnerability from github – Published: 2026-02-02 00:30 – Updated: 2026-02-02 20:42Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-g8p2-7wf7-98mq. This link is maintained to preserve external references.
Original Description
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "clawdbot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.1.29"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-02T20:42:52Z",
"nvd_published_at": "2026-02-01T23:15:49Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-g8p2-7wf7-98mq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.",
"id": "GHSA-r2c6-8jc8-g32w",
"modified": "2026-02-02T20:42:52Z",
"published": "2026-02-02T00:30:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25253"
},
{
"type": "WEB",
"url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"
},
{
"type": "WEB",
"url": "https://openclaw.ai/blog"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl",
"withdrawn": "2026-02-02T20:42:52Z"
}
GHSA-R2FH-QM7G-X68J
Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-14 00:00A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
{
"affected": [],
"aliases": [
"CVE-2022-30236"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T23:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 \u0026 EER21001 (V4.5 and prior)",
"id": "GHSA-r2fh-qm7g-x68j",
"modified": "2022-06-14T00:00:30Z",
"published": "2022-06-03T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30236"
},
{
"type": "WEB",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-130-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R3Q7-7PWQ-HQQ8
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
{
"affected": [],
"aliases": [
"CVE-2020-24683"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-22T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.",
"id": "GHSA-r3q7-7pwq-hqq8",
"modified": "2022-05-24T17:37:03Z",
"published": "2022-05-24T17:37:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24683"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RPRM-6MG6-R8FM
Vulnerability from github – Published: 2026-05-07 03:31 – Updated: 2026-05-07 03:31Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
{
"affected": [],
"aliases": [
"CVE-2026-44599"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T03:16:07Z",
"severity": "LOW"
},
"details": "Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.",
"id": "GHSA-rprm-6mg6-r8fm",
"modified": "2026-05-07T03:31:21Z",
"published": "2026-05-07T03:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44599"
},
{
"type": "WEB",
"url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/50f90ba849088247734786922855c22661c6fa03"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.