Java : Unsafe database connection config (Play)

Classification

OWASP Top 10 2013

A5-Security Misconfiguration

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

PCI DSS 4.0

6.2.4 7.2.6

HIPAA

§164.312 (a)(1)§164.312 (d)

CWE

CWE-1031

Overview

The application initiates a connection to the database using a parameter from an untrusted source. An attacker can change the connection settings.

Unsafe database connection attacks (Security Misconfiguration) take the sixth place in the OWASP Top 10 2017 web application vulnerabilities ranking.

Attacker accesses default accounts, unused pages, unpatched flaws, unprotected files and directories, etc. to gain unauthorized access to or knowledge of the system.

References

MEDIUM

Java : Unsafe database connection config (Play)

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Java : Unsafe database connection config (Play) in your application?

See also

Java : Race condition

Java : Text4Shell Vulnerability

Java : JNI usage