Certified Ethical Hacker (CEH v11) — Question 342

Ron, a security professional, was pentesting the web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows attackers to gain unauthorized access to API objects and perform actions such as viewing, updating, and deleting the company's sensitive data.
What is the API vulnerability revealed in the above scenario?

Answer options

Correct answer: A

Explanation

The correct answer is A: the absence of Attribute-Based Access Control (ABAC) validation is what allows unauthorized access to API objects. Options B, C, and D refer to different types of vulnerabilities (flaws in business logic, misuse of CORS, and code injection attacks) that do not specifically relate to the unauthorized object access described in the scenario.