← Retour aux CVEs
CVE-2024-9802
MEDIUM5.3
Description
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
Details CVE
Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/10/2024
Derniere modification12/19/2024
Sourcenvd
Observations honeypot0
Produits affectes
linuxfoundation:zowe_api_mediation_layer
Faiblesses (CWE)
CWE-312CWE-312
References
https://github.com/zowe/api-layer(zowe-security@lists.openmainframeproject.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.