CWE-1073
Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
Incomplete
2019-01-03
00h00 +00:00
00h00 +00:00
2025-04-03
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.
Description du CWE
This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.
While the interpretation of "large number of data accesses/queries" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method.
Informations générales
Plateformes applicables
Langue
Name: SQL (Often)Technologies
Name: Database Server (Often)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Other | Reduce Performance |
Notes de cartographie des vulnérabilités
Justification : This entry is primarily a quality issue with no direct security implications.Commentaire : Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.
Références
REF-959
Automated Source Code Performance Efficiency Measure (ASCPEM)Object Management Group (OMG).
https://www.omg.org/spec/ASCPEM/
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.2 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CWE Content Team | MITRE | updated Description, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Applicable_Platforms |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.