CWE-1073
Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
Incomplete
2019-01-03 00:00 +00:00
2024-02-29 00:00 +00:00
Alerte pour un CWE
Stay informed of any changes for a specific CWE.
Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.
Extended Description
This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.
While the interpretation of "large number of data accesses/queries" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method.
Informations
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Other | Reduce Performance |
Vulnerability Mapping Notes
Rationale : This entry is primarily a quality issue with no direct security implications.Comments : Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.
References
REF-959
Automated Source Code Performance Efficiency Measure (ASCPEM)Object Management Group (OMG).
https://www.omg.org/spec/ASCPEM/
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.2 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Description, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Mapping_Notes |
2024©
tesweb SA
