073 – Improper authorization control for web services - RDS

Description

Some RDS instances can be publicly accessible, which can compromise the stored information.

Impact

Obtain confidential information of the database.

Recommendation

Ensure that the relational databases are accesible only by users and roles authenticated and authorized.

Threat

Anonymous attacker on the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 096 - Set user's required privileges
• 176 - Restrict system objects
• 265 - Restrict access to critical processes

Fixes

• Aws
• Cloudformation
• Go
• Java
• Scala

Last updated

2024/02/09