DerScanner
Home / Vulnerability Database / ABAP : Unsafe database clients access control
ABAP

ABAP : Unsafe database clients access control

Classification

OWASP Top 10 2013
A1-InjectionA7-Missing Function Level Access Control
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
PCI DSS 4.0
6.2.47.2.6
CWE
CWE-1027CWE-1033

Overview

A client can access the data of other clients.

Each client is an autonomous unit. Automatic client processing in the Open SQL functions ensures that applications can access the data of only the current client. In Open SQL, disabling automatic client processing by adding CLIENT SPECIFIED or switching to another client by adding USING CLIENT can be viewed as access to someone else’s information that is critical for safety. In Native SQL, there is no automatic processing of the client, and the specified client must be explicitly specified in the access conditions. Specifying a client other than the current client entails accessing foreign data.

References

  1. Cross-Client Database Access
  2. Client Handling
  3. OWASP Top 10 2017-A5-Broken Access Control
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
  5. CWE-1033
MEDIUM

DerScanner Severity Score

Do you want to fix ABAP : Unsafe database clients access control in your application?

See also

ABAP

ABAP : Insufficient authorization check

ABAP

ABAP : Empty password

ABAP

ABAP : Weak seed of random number generator