CA IDMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

An XCCDF Rule

Details
Profiles

Description

When the use of dynamic SQL is necessary, the code should be written so that the invalid data can be found and the appropriate action taken.

ID: SV-251623r961158_rule
Version: IDMS-DB-000520
Severity: Medium
References: CCI-001310
Updated: 3 days ago

Remediation Templates

For SQL-defined tables, ALTER TABLE <schema-name>.<table-name> ADD CHECK (search-condition).

For network-defined records, MODIFY <record-name> CALL procedure BEFORE STORE/MODIFY. Create or update procedure to validate provided record field values.

Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.

CA IDMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

Description

Remediation Templates

A Manual Procedure