SYM_CONF_0086 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The SQL server is configured to allow public network access, which exposes the database to the internet. This increases the risk of unauthorized access or attacks from external sources.
Impact
If public access is enabled, attackers could attempt to connect to the SQL server from anywhere, potentially leading to data breaches, data loss, or service disruptions. This exposure makes it easier for malicious actors to exploit weak credentials or vulnerabilities in the database server.