CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
There is no SSL/TLS encryption enabled on your server. All traffic to your web application is transported via unencrypted channels. This leaves your users vulnerable to man-in-the-middle attacks.
If you want to provide a secure way for your users to communicate with your web application. You should enable TLS encryption. Especially if any customer data is stored and a login with user credentials is offered, this shall in any case be offered. Enable TLS encryption by Configuring Trusted Certificates.