Flow accepts confidential data as URL parameters
|
High |
Flow
PreFlow |
Data in Transit |
CWE-598
|
JSONThreatProtection policy is not applied to a request body with JSON type
|
High |
Flow |
Data Validation |
CWE-502
CWE-20
|
Condition has undefined variables
|
Medium |
Step
RouteRule
Flow |
Code Quality |
CWE-570
CWE-571
|
Flow accepts requests with any method
|
Medium |
Flow |
Data Validation |
CWE-749
|
Flow doesn't limit HTTP methods correctly
|
Medium |
Flow |
Data Validation |
CWE-749
|
Overcomplicated or malformed condition
|
Low |
Step
RouteRule
Flow |
Code Quality |
CWE-570
CWE-571
|