Security Test: High number of PCI¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
When access control is not properly implemented, some payment card information (PCI) can leak to the public. It may lead to data breaches, financial loss, regulatory violations, and severe legal penalties including PCI DSS non-compliance.
Configuration¶
Identifier:
information_disclosure/high_number_of_pci
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API1:2023 |
| PCI DSS | 6.5.3 |
| PSD2 | Article-95 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 7.2 |