Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:Weaknesses in Database Server
ID:BOSS-272
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

This view (slice) covers issues that are found in Database Server that are not common to all technologies.

▼Memberships
NatureMappingTypeIDName
HasMemberProhibitedB1073Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
HasMemberAllowed-with-ReviewC116Improper Encoding or Escaping of Output
HasMemberDiscouragedC285Improper Authorization
HasMemberAllowedV564SQL Injection: Hibernate
HasMemberAllowedV566Authorization Bypass Through User-Controlled SQL Primary Key
HasMemberAllowedB619Dangling Database Cursor ('Cursor Injection')
HasMemberAllowed-with-ReviewC862Missing Authorization
HasMemberAllowed-with-ReviewC863Incorrect Authorization
HasMemberAllowedB89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMemberAllowedB90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Nature: HasMember
Mapping: Prohibited
Type: Base
ID: 1073
Name: Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 116
Name: Improper Encoding or Escaping of Output
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 285
Name: Improper Authorization
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 564
Name: SQL Injection: Hibernate
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 566
Name: Authorization Bypass Through User-Controlled SQL Primary Key
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 619
Name: Dangling Database Cursor ('Cursor Injection')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 862
Name: Missing Authorization
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 863
Name: Incorrect Authorization
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 90
Name: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
▼Vendors
Note: CVE records are filtered based on below selected vendors.
Not available
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
▼Audience
StakeholderDescription
▼References
Expand AllCollapse All
BOSS-272 - Weaknesses in Database Server
Details not found