DerScanner
Home / Vulnerability Database / COBOL : Unsafe subprogram access control
COBOL

COBOL : Unsafe subprogram access control

Classification

OWASP Top 10 2013
A1-InjectionA4-Insecure Direct Object ReferencesA7-Missing Function Level Access Control
OWASP Top 10 2017
A1-InjectionA5-Broken Access Control
OWASP Top 10 2021
A3-InjectionA1-Broken Access Control
OWASP ASVS
Access ControlAccess ControlAccess ControlAccess Control
PCI DSS 4.0
6.2.47.2.6
HIPAA
§164.312 (a)(1)§164.312 (d)
CWE
CWE-284CWE-287CWE-1027CWE-1030CWE-1033
CWE/SANS Top 25 2021
CWE-287

Overview

The COBOL language supports the construction of calling and executing a subprogram. This construction is as follows:

...
PROCEDURE DIVISION.
    BEGIN.
    ...
    CALL WS-PGM-BAD.
    ...
    STOP RUN.

An attacker may try to access the subprogram or compromise it. As a result, the security code will be compromised.

Broken Access Control take the fifth place in the “OWASP Top 10 2017” web application vulnerabilities ranking.

References

  1. OWASP Top 10 2017-A5-Broken Access Control
  2. Rules for calling subprograms
  3. CWE-284
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
  5. CWE-1030
MEDIUM

DerScanner Severity Score

Do you want to fix COBOL : Unsafe subprogram access control in your application?

See also

COBOL

COBOL : Weak hashing algorithm

COBOL

COBOL : HTTP usage

COBOL

COBOL : Hardcoded password