Critical-risk tools in Kaizen Qbo
7 of the 29 tools in Kaizen Qbo are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
qbo_delete_entityDestructiveDelete a QBO entity by type and ID. Transactions (Invoice, Bill, JournalEntry, Payment, Purchase, Transfer, etc.) with a TxnDate on or before the company
-
qbo_void_invoiceDestructiveVoid a QBO invoice by ID. Memo is prefixed with \
-
qbo_create_bill_paymentFinancialPay one or more open Bills. Required: VendorRef, TotalAmt, PayType (\
-
qbo_create_depositFinancialCreate a QBO Deposit record. Required: DepositToAccountRef (bank account) and Line[]. Each line is either a direct deposit (AccountRef on DepositLineDetail) or an applied paymen...
-
qbo_create_paymentFinancialCreate a QBO payment. Requires CustomerRef and TotalAmt.
-
qbo_create_refund_receiptFinancialCreate a QBO RefundReceipt (customer refund). Required: CustomerRef, DepositToAccountRef (the account the refund is drawn from — bank, credit card, or UF), and Line[].
-
qbo_create_transferFinancialCreate a QBO Transfer (moves funds from one bank/credit card account to another). Required: FromAccountRef, ToAccountRef, Amount. TxnDate optional. From and To must differ. Use ...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.