SOAP Request Strict Security should be enabled

Rule ID

Impact

Without appropriate authorization configured on the incoming SOAP requests, an unauthorized user can get access to sensitive content/data on the target instance.

Remediation

Set the system property "glide.soap.strict_security" to true.

Time to fix

15 min

References

This rule is linked to Common Weakness Enumeration CWE-862 Missing Authorization.