SYM_CONF_0080 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Data Factory resource is configured with public network access enabled, which allows connections from the internet. This exposes the service to unauthorized users and increases the risk of external attacks.
Impact
If public network access is not disabled, attackers could attempt to access, manipulate, or exfiltrate data from your Data Factory instance over the internet. This could lead to data breaches, unauthorized data processing, or compromise of sensitive workflows.