126 – Lack of isolation methods

Description

The system do not use isolation methods for running applications.

Impact

Allow the construction of covert communication channel.

Recommendation

- Use dedicated cloud servers rather than VMs or cloud-based containers. - Implement specific isolation strategies, particularly between hosts and the network.

Threat

External attacker with access to the application.

Expected Remediation Time

120 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): H
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 374 - Use of isolation methods in running applications

Fixes

• Go
• Java
• Scala
• Swift

Last updated

2024/02/13