SYM_CONF_0059 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Cosmos DB resource is configured to allow public network access, which means it can be reached from any internet location. This increases the risk that unauthorized users could access your database.
Impact
If public network access is enabled, attackers may be able to connect to the database from outside your trusted network, potentially leading to data exposure, unauthorized data manipulation, or service disruption. This could compromise sensitive information and impact application integrity.