CWE-1073

Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

Base

Incomplete

Description

The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.

{"xhtml:p":["While the interpretation of \"large number of data accesses/queries\" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method."]}

Parent Weaknesses (ChildOf)

CWE-405: Asymmetric Resource Consumptio...

Common Consequences

Scope

Other

Impact

Reduce Performance

Applicable Platforms

SQL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-1073

Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

Description

Relationships

Common Consequences

Applicable Platforms