Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549828ee620409bc2c34d3330ed9181e702c3be9111
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/account-inventory-group/{accountInventoryGroupId}/api-access/{id}
DELETE /api/account-public-api-access/{accountId}/delete
DELETE /api/account-public-api-access/{accountId}/secret/{secretId}/delete
DELETE /api/tenant-public-api-access/delete
DELETE /api/tenant-public-api-access/secret/{secretId}/delete
GET /api/account-inventory-group/{accountInventoryGroupId}/api-access
GET /api/account-public-api-access/{accountId}
GET /api/account/{accountId}/user
GET /api/account/{accountId}/user/select-list
GET /api/account/{accountId}/user/{id}
GET /api/api-resources
GET /api/api-resources/{id}
GET /api/api-resources/{id}/properties
GET /api/api-resources/{id}/properties/{propertyId}
GET /api/api-resources/{id}/secrets
GET /api/api-resources/{id}/secrets/{secretId}
GET /api/api-scopes
GET /api/api-scopes/select-list
GET /api/api-scopes/{id}
GET /api/api-scopes/{id}/properties
GET /api/api-scopes/{id}/properties/{propertyId}
GET /api/chat-bot/ask
GET /api/clients
GET /api/clients/pre-configured/{clientType}
GET /api/clients/{id}
GET /api/clients/{id}/claims
GET /api/clients/{id}/claims/{claimId}
GET /api/clients/{id}/secrets
GET /api/clients/{id}/secrets/{secretId}
GET /api/cloudx-applications
GET /api/cloudx-applications/select-list
GET /api/cloudx-applications/{id}/permissions
GET /api/date-formats/select-list
GET /api/domains
GET /api/domains/check-name
GET /api/domains/select-list
GET /api/domains/{id}
GET /api/grant-types/select-list
GET /api/hash-types/select-list
GET /api/permissions
GET /api/permissions/my
GET /api/permissions/select-list
GET /api/permissions/{id}
GET /api/roles
GET /api/roles/select-list
GET /api/roles/{id}
GET /api/roles/{id}/permissions
GET /api/secret-types/select-list
GET /api/signing-algorithms/select-list
GET /api/tenant-public-api-access
GET /api/tenants
GET /api/tenants/idle-session-timeout
GET /api/tenants/select-list
GET /api/tenants/{id}
GET /api/time-formats/select-list
GET /api/timezones/select-list
GET /api/tokens/access-token-types/select-list
GET /api/tokens/token-expiration/select-list
GET /api/tokens/token-usage/select-list
GET /api/users
GET /api/users/validate-email/{email}
GET /api/users/validate-username/{username}
GET /api/users/{id}
GET /api/users/{id}/permissions
GET /api/users/{id}/roles
GET /api/users/{userId}/validate-employeeid/{employeeId}
POST /api/account-public-api-access/{accountId}/secret
POST /api/account/{accountId}/user/invite
POST /api/roles/assign-permissions
POST /api/roles/re-sync
POST /api/tenant-public-api-access/secret
POST /api/users/invite
POST /api/users/re-sync
POST /api/users/resend-invite
POST /api/users/send-to-audit/{tenantId}
PUT /api/account-inventory-group/{accountInventoryGroupId}/api-access/{id}/re-generate-secret
PUT /api/account-inventory-group/{accountInventoryGroupId}/api-access/{id}/toggle
PUT /api/account-public-api-access/{accountId}/secret/{secretId}/permissions
PUT /api/account-public-api-access/{accountId}/secret/{secretId}/toggle
PUT /api/tenant-public-api-access/secret/{secretId}/permissions
PUT /api/tenant-public-api-access/secret/{secretId}/toggle
PUT /api/users/{id}/regenerate-barcode
PUT /api/users/{id}/set-active
PUT /api/users/{id}/set-password
Open service 20.81.48.26:443 · auth.wms.cloudxsystems.net
2026-01-09 12:01
HTTP/1.1 404 Not Found Date: Fri, 09 Jan 2026 12:01:48 GMT Content-Length: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains
Open service 20.81.48.26:443 · auth.wms.cloudxsystems.net
2026-01-02 20:45
HTTP/1.1 404 Not Found Date: Fri, 02 Jan 2026 20:45:22 GMT Content-Length: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains
Open service 20.81.48.26:443 · auth.wms.cloudxsystems.net
2025-12-23 00:42
HTTP/1.1 404 Not Found Date: Tue, 23 Dec 2025 00:42:34 GMT Content-Length: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains
Open service 20.81.48.26:443 · auth.wms.cloudxsystems.net
2025-12-20 17:11
HTTP/1.1 404 Not Found Date: Sat, 20 Dec 2025 17:11:30 GMT Content-Length: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains
Open service 20.81.48.26:443 · auth.wms.cloudxsystems.net
2025-12-19 06:55
HTTP/1.1 404 Not Found Date: Fri, 19 Dec 2025 06:55:18 GMT Content-Length: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains