Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-1057:Data Access Operations Outside of Expected Data Manager Component
Weakness ID:1057
Version:v4.17
Weakness Name:Data Access Operations Outside of Expected Data Manager Component
Vulnerability Mapping:Prohibited
Abstraction:Base
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

The product uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.

▼Extended Description

This issue can make the product perform more slowly than intended, since the intended central data manager may have been explicitly optimized for performance or other quality characteristics. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.

▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfAllowed-with-ReviewC1061Insufficient Encapsulation
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 1061
Name: Insufficient Encapsulation
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC1132CISQ Quality Measures (2016) - Performance Efficiency
MemberOfProhibitedC1227Encapsulation Issues
MemberOfProhibitedC1309CISQ Quality Measures - Efficiency
MemberOfProhibitedC1412Comprehensive Categorization: Poor Coding Practices
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1132
Name: CISQ Quality Measures (2016) - Performance Efficiency
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1227
Name: Encapsulation Issues
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1309
Name: CISQ Quality Measures - Efficiency
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1412
Name: Comprehensive Categorization: Poor Coding Practices
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-313Reduce Performance (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-313
Name: Reduce Performance (impact)
▼Relevant To View
Relevant to the view"Software Development - (699)"
NatureMappingTypeIDName
MemberOfProhibitedC1227Encapsulation Issues
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1227
Name: Encapsulation Issues
Relevant to the view"CISQ Quality Measures (2020) - (1305)"
NatureMappingTypeIDName
MemberOfProhibitedC1309CISQ Quality Measures - Efficiency
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1309
Name: CISQ Quality Measures - Efficiency
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
OtherN/AReduce Performance
N/A
Scope: Other
Likelihood: N/A
Impact: Reduce Performance
Note:
N/A
▼Potential Mitigations
▼Modes Of Introduction
▼Applicable Platforms
▼Demonstrative Examples
▼Observed Examples
ReferenceDescription
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      Indirect
      N/A
      Ordinality: Indirect
      Description:
      N/A
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage:Prohibited
      Reason:Other
      Rationale:

      This entry is primarily a quality issue with no direct security implications.

      Comments:

      Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      OMG ASCPEMASCPEM-PRF-11N/AN/A
      Taxonomy Name: OMG ASCPEM
      Entry ID: ASCPEM-PRF-11
      Fit: N/A
      Entry Name: N/A
      ▼Related Attack Patterns
      IDName
      ▼References
      Reference ID: REF-959
      Title: Automated Source Code Performance Efficiency Measure (ASCPEM)
      Author: Object Management Group (OMG)
      Section: ASCPEM-PRF-11
      Publication:
      Publisher:
      Edition:
      URL:https://www.omg.org/spec/ASCPEM/
      URL Date:2023-04-07
      Day:N/A
      Month:01
      Year:2016
      Details not found