SYM_CONF_0075 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The SQL database firewall is configured to allow connections from any IP address (0.0.0.0/0), exposing the database to the entire internet. This removes any network-level restriction on who can access the database instance.
Impact
If exploited, anyone on the internet could attempt to connect to your database, increasing the risk of unauthorized data access, brute-force attacks, or compromise of sensitive information. This could lead to data breaches, service disruption, or further attacks against your environment.
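One way to check an allow-list for the misconfiguration described above, as an added example that is not part of the original entry or the project's own rule. It goes beyond the literal `0.0.0.0/0` string to equivalent forms (a full start/end range, `::/0`, and split rules that together cover every address); the rule schema (CIDR strings or start/end pairs) and the sample values are assumptions constructed for illustration.

```python
import ipaddress


def _to_networks(rule):
    """Accept a CIDR/IP string or a (start_ip, end_ip) pair; return networks."""
    if isinstance(rule, str):
        return [ipaddress.ip_network(rule, strict=False)]
    start, end = (ipaddress.ip_address(a) for a in rule)
    return list(ipaddress.summarize_address_range(start, end))


def audit_allow_rules(rules):
    """Return findings for a firewall allow-list (hypothetical schema)."""
    findings = []
    by_version = {4: [], 6: []}
    for rule in rules:
        for net in _to_networks(rule):
            by_version[net.version].append(net)
            if net.prefixlen == 0:
                findings.append(
                    f"rule {rule!r} allows every IPv{net.version} address")
    # A string match on "0.0.0.0/0" misses rules that only cover the whole
    # address space in combination, e.g. 0.0.0.0/1 plus 128.0.0.0/1.
    for version, nets in by_version.items():
        if any(n.prefixlen == 0 for n in nets):
            continue  # already reported per rule above
        collapsed = ipaddress.collapse_addresses(nets)
        if any(n.prefixlen == 0 for n in collapsed):
            findings.append(
                f"rules combine to allow every IPv{version} address")
    return findings


# Constructed sample allow-lists (documentation address ranges, not real data).
OPEN_CIDR = ["203.0.113.0/24", "0.0.0.0/0"]
OPEN_RANGE = [("0.0.0.0", "255.255.255.255")]
OPEN_SPLIT = ["0.0.0.0/1", "128.0.0.0/1"]
OPEN_V6 = ["::/0"]
RESTRICTED = ["203.0.113.0/24", "198.51.100.7"]

if __name__ == "__main__":
    for name, rules in [("cidr", OPEN_CIDR), ("range", OPEN_RANGE),
                        ("split", OPEN_SPLIT), ("v6", OPEN_V6),
                        ("restricted", RESTRICTED)]:
        print(name, audit_allow_rules(rules) or "ok")
```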