Description
The product performs a data query with a large number of joins and sub-queries on a large data table.
While the interpretation of "large data table" and "large number of joins or sub-queries" may vary for each product or developer, CISQ recommends a default of 1 million rows for a "large" data table, a default minimum of 5 joins, and a default minimum of 3 sub-queries.
Potential Impact
Other
Reduce Performance
Related Weaknesses
Taxonomy Mappings
- OMG ASCPEM: ASCPEM-PRF-4 —
Frequently Asked Questions
What is CWE-1049?
CWE-1049 (Excessive Data Query Operations in a Large Data Table) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product performs a data query with a large number of joins and sub-queries on a large data table.
How can CWE-1049 be exploited?
Attackers can exploit CWE-1049 (Excessive Data Query Operations in a Large Data Table) to reduce performance. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1049?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1049?
CWE-1049 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.