Unsecured on DELETE:/api/v1/primary-transaction/{id}

[jaleelsyed]

Title: Unsecured Vulnerability on DELETE:/api/v1/primary-transaction/{id} Project: NBfile upload Description: The unsecured exploit gives an attacker full access to the vulnerable endpoint without credentials.

Assertion The 'Unsecured Endpoint' scanning identifies vulnerabilities resulting from the non-protected endpoints. These endpoints requires no authentication scheme and are open for both authenticated and non-authenticated requests.Risk: Unsecured Severity: Medium API Endpoint: http://netbanking.apisec.ai:8080/api/v1/primary-transaction/12345 Environment: Master Playbook: ApiV1PrimaryTransactionIdDeleteAnonymousInvalid Researcher:

QUICK TIPS

Suggestion: Make sure the endpoint is secured as part of the authentication framework. Effort Estimate: 4.0 Hrs Wire Logs:

IMPORTANT LINKS

Vulnerability Details: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/recommendations/402880e48184c72c018184ecfa0a0050/details

Project: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/jobs

Environment: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/environments/null/edit

Scan Dashboard: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/jobs/402880e880034ee501800350bdd0017e/runs/402880e48184c72c018184ec8716000b

Playbook: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/template/ApiV1PrimaryTransactionIdDeleteAnonymousInvalid

Coverage: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/configuration

Code Sample: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/recommendations/402880e48184c72c018184ecfa0a0050/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---