Misbehaviour LossOfExtrinsic-QI-TW

URI: LossOfExtrinsic-QI-TW

Description: Discovery by potential attackers of a vulnerability whose exploitation would allow an attacker to inject queries that will be passed to a trusting back-end process.

This misbehaviour affects the trustworthiness attribute Extrinsic-QI-TW

Process

Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

P.E-QI.HP-iT.8

Vulnerability (QI) discovered at Process: software vulnerability found in process Process, which could allow injection of queries into a back-end database, and may be known to attackers. Around 3 percent of vulnerabilities relate to query injection, but around 5 percent of all low complexity attacks are of this type (NVD 2015-2019).

(empty)

CC.R.CDBSC.4

Query injection at Service into back end DB: an attacker having exploited a bug in Service when connected to DB, is able to send arbitrary queries to DB. This is modelled as an adverse behaviour in the inferred client channel representing their trust relationship, fulfilling the precondition for further threats using injected queries to access or alter data stored by DB.

Misbehaviour LossOfExtrinsic-QI-TW

Assets (1)

Threats that cause this misbehaviour (1)

P.E-QI.HP-iT.8

Threats caused by this misbehaviour (0)

Threats caused by affected trustworthiness attribute (1)

CC.R.CDBSC.4