Certified Ethical Hacker (CEH v13) — Question 282
Ron, a security professional, was pen testing the web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows attackers to gain unauthorized access to API objects and perform actions such as viewing, updating, and deleting the company's sensitive data.
What is the API vulnerability revealed in the above scenario?
Answer options
- A. No ABAC validation
- B. Business logic flaws
- C. Improper use of CORS
- D. Code injections
Correct answer: A
Explanation
The correct answer is A. The scenario describes an object-level authorization failure: the API authenticates the caller but never validates the attributes of the requested object (for example, its owner) against the attributes of the caller before allowing a view, update, or delete. CEH labels this "No ABAC validation" (missing Attribute-Based Access Control); the OWASP API Security Top 10 describes the same defect as Broken Object Level Authorization (BOLA), and it is typically exploited by simply substituting another object's ID in the request. Option B (business logic flaws) covers abuse of a legitimate workflow rather than a missing access check. Option C (improper use of CORS) is a browser origin-policy misconfiguration that does not by itself grant access to API objects. Option D (code injection) requires the server to interpret attacker-supplied input as code, which the scenario does not describe.
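To make the defect concrete, here is an added example (not part of the CEH question or its official explanation): a hypothetical in-memory invoice API in which the vulnerable endpoints only check that the caller is authenticated, so any user can read or delete any invoice by ID, next to hardened versions that make an attribute-based decision (caller id and role against the object's owner) on every view, update, and delete. All names, users, and invoice records are constructed for the example.

```python
# Added example, not from the CEH material. Demonstrates "no ABAC validation"
# (OWASP BOLA) on a hypothetical invoice API and the corresponding fix.
from dataclasses import dataclass, replace


@dataclass
class User:
    user_id: int
    role: str  # "employee" or "admin" (constructed attribute set)


@dataclass
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float
    notes: str = ""


class PermissionDenied(Exception):
    pass


# Constructed sample data: two employees who each own one invoice, plus an admin.
USERS = {1: User(1, "employee"), 2: User(2, "employee"), 99: User(99, "admin")}
INVOICES = {
    100: Invoice(100, owner_id=1, amount=250.0, notes="laptop for Ron"),
    101: Invoice(101, owner_id=2, amount=9800.0, notes="exec travel"),
}


def fresh_store():
    """Return an independent copy of the sample data so tests can mutate it."""
    return {k: replace(v) for k, v in INVOICES.items()}


# --- Vulnerable endpoints: authentication only, no object-level check.
def vulnerable_get_invoice(caller_id, invoice_id, store=INVOICES):
    if caller_id not in USERS:
        raise PermissionDenied("unauthenticated")
    return store[invoice_id]  # any authenticated user can read any invoice


def vulnerable_delete_invoice(caller_id, invoice_id, store=INVOICES):
    if caller_id not in USERS:
        raise PermissionDenied("unauthenticated")
    del store[invoice_id]  # ...and delete any invoice


# --- Hardened endpoints: an attribute-based policy decision on every request.
def abac_allows(caller, invoice, action):
    """Policy: admins may do anything; owners may view/update/delete their own."""
    if caller.role == "admin":
        return True
    if invoice.owner_id == caller.user_id:
        return action in ("view", "update", "delete")
    return False


def _authorize(caller_id, invoice_id, action, store):
    caller = USERS.get(caller_id)
    if caller is None:
        raise PermissionDenied("unauthenticated")
    invoice = store.get(invoice_id)
    # Same error for "missing" and "not yours" so the API does not reveal
    # which object IDs exist.
    if invoice is None or not abac_allows(caller, invoice, action):
        raise PermissionDenied(f"{action} denied on invoice {invoice_id}")
    return invoice


def secure_get_invoice(caller_id, invoice_id, store=INVOICES):
    return _authorize(caller_id, invoice_id, "view", store)


def secure_update_invoice(caller_id, invoice_id, notes, store=INVOICES):
    invoice = _authorize(caller_id, invoice_id, "update", store)
    invoice.notes = notes
    return invoice


def secure_delete_invoice(caller_id, invoice_id, store=INVOICES):
    _authorize(caller_id, invoice_id, "delete", store)
    del store[invoice_id]
    return True


def is_denied(fn, *args):
    """True if the call raises PermissionDenied (used to show the fix working)."""
    try:
        fn(*args)
    except PermissionDenied:
        return True
    return False


def demo():
    """Replay the scenario: user 1 targets user 2's invoice (ID 101)."""
    leaked = vulnerable_get_invoice(1, 101).notes  # succeeds: data exposure
    blocked = is_denied(secure_get_invoice, 1, 101)  # hardened version refuses
    return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

The point to take from the contrast is that the fix is not input validation or an allow-list of object IDs, but a per-request policy decision that compares caller attributes with the target object's attributes for the specific action requested.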