|
Critical
|
|
Connection to the system is not encrypted
|
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-319
|
|
Lack of certificate validation
|
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-295
|
|
High
|
|
Flow accepts confidential data as URL parameters
|
Flow
PreFlow |
Data in Transit |
CWE-598
|
|
JSONThreatProtection policy is not applied to a request body with JSON type
|
Flow |
Data Validation |
CWE-502
CWE-20
|
|
No TLS protocol specified in connection definition
|
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-327
|
|
Medium
|
|
Condition has undefined variables
|
Step
RouteRule
Flow |
Code Quality |
CWE-570
CWE-571
|
|
Flow accepts requests with any method
|
Flow |
Data Validation |
CWE-749
|
|
Flow doesn't limit HTTP methods correctly
|
Flow |
Data Validation |
CWE-749
|
|
Lack of DefaultFaultRule
|
Target
Proxy |
Error Handling |
CWE-390
|
|
MatchesPath is applied to a static parameter
|
Target
Proxy |
Code Quality
Data Validation |
CWE-20
|
|
Unreachable FaultRule
|
Target
Proxy |
Code Quality |
CWE-561
|
|
Unreachable Flow
|
Target
Proxy |
Code Quality |
CWE-561
|
|
Low
|
|
Overcomplicated or malformed condition
|
Step
RouteRule
Flow |
Code Quality |
CWE-570
CWE-571
|