Description
The product is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.
When the product has a data access component, the design may be intended to handle all data access operations through that component. If a data access operation is performed outside of that component, then this may indicate a violation of the intended design.
Potential Impact
Other
Reduce Reliability
Related Weaknesses
Taxonomy Mappings
- OMG ASCRM: ASCRM-RLB-10 —
Frequently Asked Questions
What is CWE-1083?
CWE-1083 (Data Access from Outside Expected Data Manager Component) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without us...
How can CWE-1083 be exploited?
Attackers can exploit CWE-1083 (Data Access from Outside Expected Data Manager Component) to reduce reliability. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1083?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1083?
CWE-1083 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.