Question on vulnerabilities (API Gateway Software)