Low High
Name Scopes Tags Links
High
API Key is not removed before the request is sent to target system Proxy Data in Transit CWE-201
AssignMessage request parameters pollution AssignMessage Data Validation CWE-20
Authorization header is not removed before the request is sent to target system Proxy Data in Transit CWE-201
Cache is accessed without prior authentication Step Authentication & Authorisation CWE-306
Confidential data is used as a cache key Step Data at Rest CWE-256 CWE-312
Flow accepts confidential data as URL parameters Flow PreFlow Data in Transit CWE-598
Insecure Quota configuration Step Code Quality Data Validation CWE-770
JSONThreatProtection policy is not applied to a request body with JSON type Flow Data Validation CWE-502 CWE-20
No TLS protocol specified in connection definition ServiceCallout MessageLogging Target Data in Transit CWE-327
Open Redirect Step Data Validation CWE-601 CWE-20
Policy sets confidential data in URL parameters Step Data in Transit CWE-598
Proxy doesn't have default flow Proxy Code Quality Data Validation CWE-20
Request content is tainted by user input Step Data Validation CWE-20 CWE-116
SpikeArrest policy doesn't use any identifier SpikeArrest DoS Protection CWE-770
Target URL is tainted by user input Step Data Validation CWE-22 CWE-233 CWE-918 CWE-20
Unsafe regular expression Step Data Validation CWE-1333
Unsafe variable is used to define host Step Data Validation CWE-20
Use of weak hash algorithms AssignMessage HMAC JavaScript Secure Configuration CWE-327
User-controlled data in ServiceCallout Step Data Validation CWE-233 CWE-20
Low
Cache lookup variable is overwritten Step Code Quality CWE-472