Connection to the system is not encrypted
|
Critical |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-319
|
Lack of certificate validation
|
Critical |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-295
|
No TLS protocol specified in connection definition
|
High |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-327
|
Lack of DefaultFaultRule
|
Medium |
Target
Proxy |
Error Handling |
CWE-390
|
MatchesPath is applied to a static parameter
|
Medium |
Target
Proxy |
Code Quality
Data Validation |
CWE-20
|
ServiceCallout policy uses default message object as a request
|
Medium |
ServiceCallout |
Code Quality |
CWE-200
|
ServiceCallout policy uses default message object as a response
|
Medium |
ServiceCallout |
Code Quality |
CWE-200
|