DerScanner
Home / Vulnerability Database / Scala : Unsafe database connection via applet
Scala

Scala : Unsafe database connection via applet

Classification

OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
PCI DSS 4.0
7.2.6
HIPAA
§164.312 (a)(1)
CWE
CWE-862
CWE/SANS Top 25 2011
CWE-862
CWE/SANS Top 25 2021
CWE-862

Overview

The application uses JDBC (Java Database Connectivity) methods. Applets that use JDBC in an untrusted environment can compromise the database.

According to the default settings, Java applet can open a connection to a database located on the server from which it was downloaded. This is acceptable only in a trusted environment. Otherwise, an attacker can use the applet to get access parameters and ultimately to gain direct access to the database.

References

  1. CWE-305: Authentication Bypass by Primary Weakness
  2. OWASP Top 10 2017-A6-Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Scala : Unsafe database connection via applet in your application?

See also

Scala

Scala : Unreleased resource stream

Scala

Scala : Multiple loggers in same class

Scala

Scala : Insufficient encryption key length