SYM_CLS_0006 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Incorrect Authorization

Property Value
Language apex
Severity medium
CWE CWE-863: Incorrect Authorization
OWASP A01:2021 - Broken Access Control
Confidence Level Low
Impact Level High
Likelihood Level Low

Description

Native Salesforce DML operations execute in system context, ignoring the current user's permissions, field-level security, organization-wide defaults, position in the role hierarchy, and sharing rules. Be mindful when using native Salesforce DML operations.