CVE-2024-9798
- EPSS 0.07%
- Published 10.10.2024 08:15:04
- Last modified 19.12.2024 17:00:16
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
CVE-2024-9802
- EPSS 0.07%
- Published 10.10.2024 08:15:04
- Last modified 19.12.2024 17:00:21
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the runn...
- EPSS 0.34%
- Published 17.07.2024 15:15:14
- Last modified 21.11.2024 09:50:23
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This allows a user to access the endpoints requiring an internal client certificate without any crede...
CVE-2021-4314
- EPSS 0.06%
- Published 18.01.2023 16:15:11
- Last modified 03.04.2025 20:15:16
It is possible to manipulate the JWT token without knowledge of the JWT secret and authenticate as any user without a valid JWT token. This happens only when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.1...