CWE-1083 从外部预期的数据管理器组件进行数据访问
Data Access from Outside Expected Data Manager Component
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.
扩展描述
When the software has a data access component, the design may be intended to handle all data access operations through that component. If a data access operation is performed outside of that component, then this may indicate a violation of the intended design.
This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 1061 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 1061 cwe_View_ID: 699 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Reduce Reliability |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| OMG ASCRM | ASCRM-RLB-10 |
引用
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论