OpenAPI Exposure

The OpenAPI Specification (OAS) is a standard developed by the OpenAPI Initiative to describe and document RESTful APIs. The OpenAPI Specification defines a standard JSON structure for describing an API.

Impact

OpenAPI services provide alternative, and sometimes low-level, ways to access the application and therefore need to be fully inspected for vulnerabilities.

Solution

If the OpenAPI services are not in use ensure that they are removed or only available to authorised personnel.