Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff431e6a60e135bcb8bd3921adfe564bd076c7659e1e
Public Swagger UI/API detected at path: /swagger.json - sample paths: GET /api/ GET /api/404 GET /api/callback GET /api/claimpower/billing/patient_search GET /api/claimpower/flag GET /api/claimpower/patient GET /api/claimpower/patient_calls GET /api/claimpower/patient_calls/patient GET /api/claimpower/transfer/get_patient_info GET /api/claimpower/transfer/transfer_encounter GET /api/claimpower/ui/settings GET /api/doc GET /api/echo/pulse GET /api/extensions/?name GET /api/fhir/observation/ GET /api/fhir/patient/?id GET /api/fhir/questionnaire/?id GET /api/healthcheck GET /api/resources/?name GET /api/resources/Patient GET /api/systems/?name GET /api/teapot POST /api/auth/token POST /api/auth/userinfo POST /api/claimpower/billing/get_census_info POST /api/claimpower/billing/patient POST /api/claimpower/fhir POST /api/claimpower/forms/pdf POST /api/claimpower/forms/pdf/id POST /api/claimpower/forms/upload POST /api/claimpower/patient/ebill POST /api/claimpower/patient/get POST /api/claimpower/patient/get_form_url POST /api/claimpower/patient/get_ui_url POST /api/claimpower/redirect POST /api/claimpower/tests POST /api/claimpower/wrapper POST /api/og POST /api/phasezero