f-002 — BOLA / IDOR in /api/v1/accounts/{id}
high · public-api · status open · first seen 2026-04-23
Framework mapping
| Framework | Controls / requirements |
|---|---|
| ISO/IEC 27001:2022 ISMS | A.8.3 Access rights |
| NIST Cybersecurity Framework 2.0 Risk | PR.AC-4 |
| NIST SP 800-53 r5 Federal controls | AC-3 |
| OWASP API Security Top 10 (2023) API | API1:2023 |
| MITRE ATT&CK Adversary TTPs | T1213 |