SYM_CONF_0117 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The API Management service is not configured to use a virtual network, which means its endpoints are exposed to the public internet instead of being isolated within a private network.
Impact
Without virtual network integration, API Management services are more accessible to unauthorized users, increasing the risk of unauthorized access, data exposure, and potential attacks from the internet. This can compromise sensitive APIs and internal resources.
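One way to detect the condition in the Description before deployment. This is an added example, not code from the Symbiotic database or its scanner. It assumes the service is Azure API Management declared in Terraform as `azurerm_api_management` and scans the JSON from `terraform show -json`; the sample plan and function names are constructed for illustration.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_api_management"  # assumed Terraform resource type

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_api_management.public", "type": RESOURCE_TYPE,
         "values": {"virtual_network_type": "None",
                    "virtual_network_configuration": []}},
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
         "values": {"name": "rg-example"}},
    ],
    "child_modules": [{"address": "module.api", "resources": [
        {"address": "module.api.azurerm_api_management.internal",
         "type": RESOURCE_TYPE,
         # subnet_id is often unknown at plan time: block present, contents empty
         "values": {"virtual_network_type": "Internal",
                    "virtual_network_configuration": [{}]}},
        {"address": "module.api.azurerm_api_management.half", "type": RESOURCE_TYPE,
         "values": {"virtual_network_type": "External",
                    "virtual_network_configuration": []}},
    ]}],
}}}

def iter_resources(module):
    """Yield resources of a module and of every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_unisolated_apim(plan):
    """Return (address, reason) for each API Management service lacking VNet integration."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values") or {}
        vnet_type = values.get("virtual_network_type") or "None"
        if vnet_type == "None":
            findings.append((res["address"], "virtual_network_type is None"))
        elif not values.get("virtual_network_configuration"):
            # Test for the block, not subnet_id, which may be computed at apply time.
            findings.append((res["address"], f"{vnet_type} without virtual_network_configuration"))
    return findings

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = find_unisolated_apim(plan)
    for address, reason in results:
        print(f"SYM_CONF_0117 {address}: {reason}")
    sys.exit(1 if results else 0)
```

A service in `External` mode passes this check because it is joined to a virtual network, but its gateway endpoint remains reachable from the internet; only `Internal` mode removes the public endpoint.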