This rule checks for rows on the sys_group_has_role table (Group Roles) which contain empty role references. If there are unassigned roles it could mean a potentially loss of functionality of certain apps as some may require roles. Also empty roles assigned to a user generate extra effort to security administrators and can lead to improper access control.
Edit the role field in the sys_group_has_role table and change the empty reference to the a valid one or delete the record if it is not needed
Time to fix