Question on vulnerabilities (API Portal Software)