| Name | Severity | Scopes | Tags | Links |
| --- | --- | --- | --- | --- |
| No TLS protocol specified in connection definition | High | ServiceCallout, MessageLogging, Target | Data in Transit | CWE-327 |
| No SpikeArrest policy is applied | Medium | Proxy | Code Quality, DoS Protection | CWE-770 |
| MatchesPath is applied to a static parameter | Medium | Target, Proxy | Code Quality, Data Validation | CWE-20 |
| Masked flow variable is written into unmasked one | High | Step | Data at Rest | CWE-532 |
| Lack of certificate validation | Critical | ServiceCallout, MessageLogging, Target | Data in Transit | CWE-295 |
| JWT is decoded but not verified in the same flow phase | Critical | Step | Authentication & Authorisation | CWE-347 |
| JSONThreatProtection policy is not applied to a request body with JSON type | High | Flow | Data Validation | CWE-502, CWE-20 |
| Insecure token expiration configuration | Medium | OAuthV2 | Secure Configuration | CWE-613 |
| Insecure Quota configuration | High | Step | Code Quality, Data Validation | CWE-770 |
| Insecure JSONThreatProtection policy | Medium | JSONThreatProtection | Code Quality, Data Validation | CWE-770, CWE-20 |
| Flow accepts confidential data as URL parameters | High | Flow, PreFlow | Data in Transit | CWE-598 |
| Error flow variable is set but not checked in request phase | Medium | Step | Error Handling | CWE-390 |
| Connection to the system is not encrypted | Critical | ServiceCallout, MessageLogging, Target | Data in Transit | CWE-319 |
| Confidential data is used as a cache key | High | Step | Data at Rest | CWE-256, CWE-312 |
| Condition has undefined variables | Medium | Step, RouteRule, Flow | Code Quality | CWE-570, CWE-571 |
| Bypassing AccessControl policy via True-Client-IP header | Critical | AccessControl | Data Validation | CWE-290 |
| AssignMessage request parameters pollution | High | AssignMessage | Data Validation | CWE-20 |
| API Key is not removed before the request is sent to target system | High | Proxy | Data in Transit | CWE-201 |