CVE-2024-6834

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...

CVE-2024-6834

APIML Spring Cloud Gateway is affected by a vulnerability where proxy requests are unexpectedly signed with Zowe’s client certificate, allowing non-privileged users to access endpoints that require an internal client certificate without any credentials. This can enable an attacker to manage compo...

CVE-2024-6834 Imperative Local Command Injection allows Activity Masking

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...

PT-2024-37893 · Unknown · Apiml Spring Cloud Gateway

Name of the Vulnerable Software and Affected Versions: APIML Spring Cloud Gateway affected versions not specified Description: A vulnerability in APIML Spring Cloud Gateway allows unauthorized access to endpoints that require an internal client certificate. This occurs because the gateway...