CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Description

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism. Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution. This weakness is caused during implementation of an architectural security tactic.

Latest vulnerabilities for CWE-59

Privilege escalation in Trend Micro Maximum Security 2024-04-24
Low Yes

Multiple vulnerabilities in Juniper Networks Junos cRPD 2024-04-15
High Yes

Multiple vulnerabilities in Juniper Cloud Native Router 2024-04-15
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-12
High Yes

Privilege escalation in Microsoft Azure Monitor Agent 2024-04-10
Low Yes

Privilege escalation in Microsoft Install Service 2024-04-10
Low Yes

Multiple vulnerabilities in Microsoft Windows Authentication 2024-04-10
Low Yes

Privilege escalation in Microsoft Windows File Server Resource Management Service 2024-04-10
Low Yes

Privilege escalation in Microsoft Office 2024-03-12
Low Yes

Multiple vulnerabilities in IBM App Connect Enterprise Certified Container 2024-03-08
Medium Yes

References

Description of CWE-59 on Mitre website