2 matches found
CVE-2024-6834 Imperative Local Command Injection allows Activity Masking
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...
PT-2024-37893 · Unknown · Apiml Spring Cloud Gateway
Name of the Vulnerable Software and Affected Versions: APIML Spring Cloud Gateway affected versions not specified Description: A vulnerability in APIML Spring Cloud Gateway allows unauthorized access to endpoints that require an internal client certificate. This occurs because the gateway...