DerScanner
Home / Vulnerability Database / PL or SQL : Insecure GRANT usage: all permissions
PL/SQL

PL or SQL : Insecure GRANT usage: all permissions

Classification

OWASP Top 10 2013
A7-Missing Function Level Access Control
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access ControlA4-Insecure Design
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-266CWE-269CWE-1033

Overview

ALL and ALL PRIVILEGES grant all applicable privileges to the user. Granting all privileges may be insecure.

References

  1. CWE-269: Improper Privilege Management
  2. GRANT - docs.oracle.com
  3. Top 10 Oracle Steps to a Secure Oracle Database Server - Chris Stark / opensecurityresearch.com
  4. Database Real Application Security Administrator’s and Developer’s Guide - docs.oracle.com
  5. OWASP Top 10 2017-A5-Broken Access Control
  6. CWE-1033
MEDIUM

DerScanner Severity Score

Do you want to fix PL or SQL : Insecure GRANT usage: all permissions in your application?

See also

PL/SQL

PL or SQL : Open redirect

PL/SQL

PL or SQL : Cross-site scripting (XSS)

PL/SQL

PL or SQL : Weak hashing algorithm