Description
The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.
Potential Impact
Other
Reduce Maintainability
Related Weaknesses
Taxonomy Mappings
- OMG ASCMM: ASCMM-MNT-12 —
Frequently Asked Questions
What is CWE-1054?
CWE-1054 (Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and the invoked code is not part of a...
How can CWE-1054 be exploited?
Attackers can exploit CWE-1054 (Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer) to reduce maintainability. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1054?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1054?
CWE-1054 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.