| Name | Severity | Scopes | Tags | Links |
| --- | --- | --- | --- | --- |
| Bypassing AccessControl policy via True-Client-IP header | Critical | AccessControl | Data Validation | CWE-290 |
| API Key is not removed before the request is sent to target system | High | Proxy | Data in Transit | CWE-201 |
| AssignMessage request parameters pollution | High | AssignMessage | Data Validation | CWE-20 |
| Authorization header is not removed before the request is sent to target system | High | Proxy | Data in Transit | CWE-201 |
| Proxy doesn't have default flow | High | Proxy | Code Quality, Data Validation | CWE-20 |
| Use of weak hash algorithms | High | AssignMessage, HMAC, JavaScript | Secure Configuration | CWE-327 |
| AccessControl allows all IPs | Medium | AccessControl | Data Validation | CWE-290 |
| Lack of DefaultFaultRule | Medium | Target, Proxy | Error Handling | CWE-390 |
| MatchesPath is applied to a static parameter | Medium | Target, Proxy | Code Quality, Data Validation | CWE-20 |
| No SpikeArrest policy is applied | Medium | Proxy | Code Quality, DoS Protection | CWE-770 |
| Unreachable FaultRule | Medium | Target, Proxy | Code Quality | CWE-561 |
| Unreachable Flow | Medium | Target, Proxy | Code Quality | CWE-561 |
| Unreachable RouteRule | Medium | Proxy | Code Quality | CWE-561 |
| Missing security headers | Low | Proxy | Secure Configuration | CWE-523 |
| No mask configuration for the proxy | Low | Proxy | Code Quality | |
| Sharedflow has not been scanned by CodeSent | Low | FlowCallout | Code Quality | |
| Missing API versioning | Info | Proxy | Secure Configuration | CWE-710 |
| Policy is not linked to step | Info | Proxy | Code Quality | CWE-561 |
| Resource is not linked to a policy | Info | Proxy | Code Quality | CWE-561 |