SYM_CONF_0230 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Information Loss or Omission
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-221: Information Loss or Omission |
| OWASP | A09:2021 – Security Logging and Monitoring Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The DynamoDB table is created without point-in-time recovery enabled, which means you cannot restore the table to a previous state if data is accidentally or maliciously changed or deleted. This setting should be enabled to safeguard against data loss.
Impact
If point-in-time recovery is not enabled, accidental deletions or unauthorized modifications to table data cannot be reversed, potentially resulting in permanent data loss. This can disrupt application functionality, impact business operations, and compromise data reliability.