Skip to main content
Ensure MSSQL is using the latest version of TLS encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Ensure Virtual Machine Extensions are not Installed
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure public network access enabled is set to False for MySQL servers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Azure Cosmos DB disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure Storage Account is using the latest version of TLS encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Ensure that MySQL server enables infrastructure encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that PostgreSQL server enables infrastructure encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that Azure Batch account uses key vault to encrypt data
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure public network access enabled is set to False for MariaDB servers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that the expiration date is set on all keys
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure Azure managed disk has encryption enabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that Azure Cognitive Search disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Azure Data Explorer uses disk encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that function apps enables Authentication
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Azure Cache for Redis disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Network Security Group Flow Log retention period is 90 days or greater
Ensure that Public access level is set to Private for blob containers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Azure Container group is deployed into virtual network
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure public network access enabled is set to False for PostgreSQL servers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure Cosmos DB accounts have restricted access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Virtual machine scale sets have encryption at host enabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that Azure Data Factory uses Git repository for source control
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Azure IoT Hub disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that Azure File Sync disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Activity Log Retention is set 365 days or greater
Ensure that Cosmos DB accounts have access key write capability disabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that only SSL are enabled for Cache for Redis
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Ensure that Azure Data Explorer uses double encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that Cognitive Services accounts disable public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Automation account variables are encrypted
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure default network access rule for Storage Accounts is set to deny
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
ensure that CORS disallows all resources to access Function app
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration
Ensure that Data Lake Store accounts enables encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure MySQL is using the latest version of TLS encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Ensure that key vault key is backed by HSM
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that Azure Data factory public network access is disabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that SQL server disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Service Fabric use three levels of protection available
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure
Ensure that remote debugging is not enabled for app services
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Virtual machine does not enable password authentication
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that no custom subscription owner roles are created
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure PostgreSQL is using the latest version of TLS encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure that Azure Event Grid Domain public network access is disabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control