SYM_CONF_0240 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The AWS Transfer Server resource is configured with a public or unspecified endpoint type, allowing access from the internet. This exposes the server to unauthorized connections instead of restricting access to a specific VPC.
Impact
If exploited, anyone on the internet could attempt to connect to your Transfer Server, increasing the risk of unauthorized data access, credential theft, or misuse of your AWS resources. This exposure could lead to data breaches or compliance violations.