3 matches found
CVE-2024-9798
CVE-2024-9798 concerns a public health endpoint that reveals a list of onboarded services. Connected sources tie this to Zowe API Mediation Layer health endpoint exposure, describing the impact as potentially valuable information for attackers and identifying a remediation path. Affected componen...
CVE-2024-9802
The CVE-2024-9802 entry concerns the Zowe API Mediation Layer’s conformance validation endpoint, which is publicly accessible. Public responses may reveal service details (endpoints, swagger) and potentially indicate the running version and whether a service is active. This information exposure i...
CVE-2021-4314
The connected PT-2023-12418 entry provides concrete details for CVE-2021-4314: affected software is zOSMF versions 1.16–1.19. The root cause is bypass of JWT token validation when APAR PH12143 is not applied, causing ZAAS client/API ML API queries to accept forged tokens and authenticate as other...