Description

The scanner detected that the application exposes endpoints for old or deprecated API versions. Attackers may exploit these endpoints to access legacy functionality, bypass security controls, or leverage unpatched vulnerabilities present in outdated API implementations. Maintaining accessible old API versions increases the attack surface and risk of compromise.

Remediation

Remove or restrict access to old and deprecated API versions. Ensure that only supported and maintained API versions are accessible. Regularly audit and decommission outdated endpoints.

References

API Versioning Best Practices

OWASP API Security Top 10

Related Vulnerabilities

Unrestricted access to Prometheus

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

WordPress Plugin Email Log Information Disclosure (1.9)

Symfony debug mode enabled

Password found in server response

Severity

Medium

Classification

CWE-693 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Api Misconfiguration