| Severity | Name | Scopes | Tags | Links |
|---|---|---|---|---|
| High | Policy sets confidential data in URL parameters | Step | Data in Transit | CWE-598 |
| High | Open Redirect | Step | Data Validation | CWE-601, CWE-20 |
| High | No TLS protocol specified in connection definition | ServiceCallout, MessageLogging, Target | Data in Transit | CWE-327 |
| High | JSONThreatProtection policy is not applied to a request body with JSON type | Flow | Data Validation | CWE-502, CWE-20 |
| High | Insecure Quota configuration | Step | Code Quality, Data Validation | CWE-770 |
| Info | Policy is not linked to step | Proxy | Code Quality | CWE-561 |
| Info | Missing API versioning | Proxy | Secure Configuration | CWE-710 |
| Low | Policy errors are not caught | Step | Error Handling | CWE-390 |
| Low | Overcomplicated or malformed condition | Step, RouteRule, Flow | Code Quality | CWE-570, CWE-571 |
| Low | No mask configuration for the proxy | Proxy | Code Quality | |
| Low | Missing security headers | Proxy | Secure Configuration | CWE-523 |
| Medium | No SpikeArrest policy is applied | Proxy | Code Quality, DoS Protection | CWE-770 |
| Medium | MatchesPath is applied to a static parameter | Target, Proxy | Code Quality, Data Validation | CWE-20 |
| Medium | Masked flow variable is written into unmasked one | Step | Data at Rest | CWE-532 |
| Medium | Lack of DefaultFaultRule | Target, Proxy | Error Handling | CWE-390 |
| Medium | Insecure token expiration configuration | OAuthV2 | Secure Configuration | CWE-613 |
| Medium | Insecure JSONThreatProtection policy | JSONThreatProtection | Code Quality, Data Validation | CWE-770, CWE-20 |
| Medium | Flow doesn't limit HTTP methods correctly | Flow | Data Validation | CWE-749 |
| Critical | Lack of certificate validation | ServiceCallout, MessageLogging, Target | Data in Transit | CWE-295 |
| Critical | JWT/JWS is decoded but not verified in the same flow phase | Step | Authentication & Authorisation | CWE-347 |