- Type: Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 6.2.X EE, 7.0.0 Beta 7
- Fix Version/s: 6.2.X EE, 7.0.0 DXP SP2, 7.0.0 DXP FP13, 7.0.0 DXP SP3, 7.0.3 CE GA4, Master
- Component/s: Security Vulnerability, Web Services, Web Services > JSON WS
- Branch Version/s: 7.0.x, 6.2.x
- Backported to Branch: Committed
- Story Points: 1
- Fix Priority: 3
- Git Pull Request:
Steps to reproduce:
1. Go to http://localhost:8080/api/jsonws
2. Search for "portal"
Expected result: Only two methods should be visible: getBuildNumber and getVersion
Actual result: All methods are available
CVSS Base Score: 5.5
CVSS Temporal Score: 5
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N/E:P/RL:U/RC:C)
- relates: LPE-15130 JSONWS exposes methods that should not be exposed (Closed)