DerScanner
Home / Vulnerability Database / Java : SecurityManager overridable check
Java

Java : SecurityManager overridable check

Classification

CWE
CWE-358

Overview

Methods without the final modifier and those defined not in the final class can be overridden. If such a method implements security checks, an attacker can bypass them in the derived class by overriding the method.

References

  1. CWE-358: Improperly Implemented Security Check for Standard
  2. SecurityManager - docs.oracle.com
  3. OWASP: Top 10 2013-A7-Missing Function Level Access Control
LOW

DerScanner Severity Score

Do you want to fix Java : SecurityManager overridable check in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage