Medium Critical
Name Scopes Tags Links
Medium
Unreachable RouteRule Proxy Code Quality CWE-561
Unreachable Flow Target Proxy Code Quality CWE-561
Unreachable FaultRule Target Proxy Code Quality CWE-561
ServiceCallout policy uses default message object as a response ServiceCallout Code Quality CWE-200
ServiceCallout policy uses default message object as a request ServiceCallout Code Quality CWE-200
Private flow variable is written into public one Step Data at Rest CWE-532
No SpikeArrest policy is applied Proxy Code Quality DoS Protection CWE-770
MatchesPath is applied to a static parameter Target Proxy Code Quality Data Validation CWE-20
Masked flow variable is written into unmasked one Step Data at Rest CWE-532
Lack of DefaultFaultRule Target Proxy Error Handling CWE-390
Insecure token expiration configuration OAuthV2 Secure Configuration CWE-613
Insecure JSONThreatProtection policy JSONThreatProtection Code Quality Data Validation CWE-770 CWE-20
Flow doesn't limit HTTP methods correctly Flow Data Validation CWE-749
Flow accepts requests with any method Flow Data Validation CWE-749
Error flow variable is set but not checked in request phase Step Error Handling CWE-390
Critical
Sensitive information is in the source code Step Data at Rest CWE-256 CWE-312
Request content is stringified Step Data Validation DoS Protection CWE-20
Lack of certificate validation ServiceCallout MessageLogging Target Data in Transit CWE-295
JWT/JWS is decoded but not verified in the same flow phase Step Authentication & Authorisation CWE-347
Connection to the system is not encrypted ServiceCallout MessageLogging Target Data in Transit CWE-319