Description

The scanner detected that the application exposes endpoints for old or deprecated API versions. Attackers may exploit these endpoints to access legacy functionality, bypass security controls, or leverage unpatched vulnerabilities present in outdated API implementations. Maintaining accessible old API versions increases the attack surface and risk of compromise.

Remediation

Remove or restrict access to old and deprecated API versions. Ensure that only supported and maintained API versions are accessible. Regularly audit and decommission outdated endpoints.

References

API Versioning Best Practices

OWASP API Security Top 10

Related Vulnerabilities

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Information Disclosure (1.9.25)

rack-mini-profiler environment variables disclosure

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

TorchServe Management API publicly exposed

Severity

Medium

Classification

CWE-693 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Api Misconfiguration