Description
The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e. a Fan-Out value that is excessively large.
While the interpretation of "excessively large Fan-Out value" may vary for each product or developer, CISQ recommends a default of 5 referenced objects.
Potential Impact
Other
Reduce Maintainability, Increase Analytical Complexity
Related Weaknesses
Taxonomy Mappings
- OMG ASCMM: ASCMM-MNT-4 —
Frequently Asked Questions
What is CWE-1048?
CWE-1048 (Invokable Control Element with Large Number of Outward Calls) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e....
How can CWE-1048 be exploited?
Attackers can exploit CWE-1048 (Invokable Control Element with Large Number of Outward Calls) to reduce maintainability, increase analytical complexity. This weakness is typically introduced during the Implementation, Architecture and Design phase of software development.
How do I prevent CWE-1048?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1048?
CWE-1048 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.