← Voltar para CVEs
CVE-2024-9802
MEDIUM5.3
Descricao
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/10/2024
Ultima modificacao12/19/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
linuxfoundation:zowe_api_mediation_layer
Fraquezas (CWE)
CWE-312CWE-312
Referencias
https://github.com/zowe/api-layer(zowe-security@lists.openmainframeproject.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.