logo

Database

Lack of data validation - Numbers

Description

There is insecure functionality that can break the current business logic and negatively impact the business.

Impact

Carry out transactions with a lower value than it should be.

Recommendation

Validate that the values of the transaction drafts do not travel in the request or that when they are modified, the request is cancelled.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

173 - Discard unsafe inputs320 - Avoid client-side control enforcement342 - Validate request parameters

Fixes

CsharpDartElixirGoJavaPhpPythonRubyScalaSwiftTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

N

Integrity (VI)

H

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N