Description

We detected a path endpoint parameter which might be enumerable. If the parameter is enumerable, it could potentially allow attackers to perform a range of attacks, such as guessing or brute-forcing valid values for the parameter. This could potentially lead to unauthorized access to sensitive information or other security issues.

• 

  Recommended Mitigation

  Protect your APIs from BOLA exploitation risks by using non-guessable unique identifiers for your entity identifiers - such as Universally Unique Identifiers (UUIDs). Moreover, always ensure authorization mechanisms are in place for each and every endpoint operation.