Title: Unsecured Vulnerability on GET:/api/v1/primary-transaction/{id}
Project: NBfile upload
Description: The unsecured exploit gives an attacker full access to the vulnerable endpoint without credentials.
Assertion
The 'Unsecured Endpoint' scan identifies vulnerabilities resulting from unprotected endpoints. These endpoints require no authentication scheme and are open to both authenticated and non-authenticated requests.
Risk: Unsecured
Severity: Medium
API Endpoint: http://netbanking.apisec.ai:8080/api/v1/primary-transaction/12345
Environment: Master
Playbook: ApiV1PrimaryTransactionIdGetAnonymousInvalid
Researcher:
QUICK TIPS
Suggestion: Make sure the endpoint is secured as part of the authentication framework.
Effort Estimate: 4.0 Hrs
Wire Logs:
IMPORTANT LINKS
Vulnerability Details: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/recommendations/402880e4817f7a5201817fea2a150013/details
Project: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/jobs
Environment: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/environments/null/edit
Scan Dashboard: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/jobs/402880e880034ee501800350bdd0017e/runs/402880e4817f7a5201817fe9ef050002
Playbook: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/template/ApiV1PrimaryTransactionIdGetAnonymousInvalid
Coverage: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/configuration
Code Sample: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/recommendations/402880e4817f7a5201817fea2a150013/codesamples
PS: Please contact support@apisec.ai for apisec access and login issues.
--- apisec Bot ---