Description

OData (Open Data Protocol) is an ISO/IEC approved, OASIS standard that defines a set of best practices for building and consuming RESTful APIs.

It was detected that an OData feed is accessible anonymously, without authentication.

Remediation

If the OData feed contains sensitive information, it's recommended to restrict access to this OData feed.

References

38M Records Were Exposed Online

Anonymous access available to OData feed

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

Related Vulnerabilities

Jetpack 2.9.3: Critical Security Update

WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)

WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)

WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure