Description
The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.
While the interpretation of "large number of data accesses/queries" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method.
Potential Impact
Other
Reduce Performance
Related Weaknesses
Taxonomy Mappings
- OMG ASCPEM: ASCPEM-PRF-10 —
Frequently Asked Questions
What is CWE-1073?
CWE-1073 (Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.
How can CWE-1073 be exploited?
Attackers can exploit CWE-1073 (Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses) to reduce performance. This weakness is typically introduced during the Architecture and Design phase of software development.
How do I prevent CWE-1073?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1073?
CWE-1073 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.