Salesforce Aura is a UI framework that enables users to create enterprise-level applications with Salesforce. The Lightning Component framework is built on the open-source Aura framework.

The Aura API provides many features, some of which are considered dangerous.

Impact

Attackers can retrieve custom object names and retrieve records that may contain sensitive information.

Solution

Ensure that all Salesforce security updates are applied. Consult with best-practices guidelines for Salesforce applications.

References

https://www.enumerated.de/index/salesforce

Salesforce Aura Exposure

Impact

Solution

References