OData feed accessible anonymously - Vulnerability Database

OData feed accessible anonymously

Description

OData (Open Data Protocol) is an ISO/IEC approved, OASIS standard that defines a set of best practices for building and consuming RESTful APIs.

It was detected that an OData feed is accessible anonymously, without authentication.

Remediation

If the OData feed contains sensitive information, it's recommended to restrict access to this OData feed.

References

38M Records Were Exposed Online

Anonymous access available to OData feed

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

Related Vulnerabilities

Severity

Low

Classification

CWE-200

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N