| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206609 | CAT II | MONT-DB-002 | Database Security Requirements Guide | When invalid inputs are received, the DBMS must be... | - | |||
Check TextReview system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances. Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input. If it does not implement the documented behavior, this is a finding. Fix TextRevise and deploy the source code for database program objects (stored procedures, functions, triggers) and application source code, to implement the documented behavior. CommentsApplication-specific logic is implemented within the database using stored procedures, functions and triggers, where appropriate. Invalid inputs return appropriate error messages and statement execution is not committed to the database. Database code does properly validate data before it is put into the database or acted upon by the database. Development team confirms that code accounts for invalid inputs by capturing error codes and returning appropriate error messages to the user for corrective action.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||