CVE-2024-9798

The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/zowe/api-layer	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:linuxfoundation:api_mediation_layer::::::::
	cpe:2.3:a:linuxfoundation:api_mediation_layer::::::::

History

25 Nov 2024, 18:00

Type	Values Removed	Values Added
First Time		Linuxfoundation Linuxfoundation api Mediation Layer
References	~~() https://github.com/zowe/api-layer -~~	() https://github.com/zowe/api-layer - Product
CPE		cpe:2.3:a:linuxfoundation:api_mediation_layer::::::::

10 Oct 2024, 15:35

Type	Values Removed	Values Added
CWE		CWE-312

10 Oct 2024, 12:51

Type	Values Removed	Values Added
Summary		(es) El endpoint de salud es público, por lo que todos pueden ver una lista de todos los servicios. Es información potencialmente valiosa para los atacantes.

10 Oct 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-10 08:15

Updated : 2024-11-25 18:00

NVD link : CVE-2024-9798

Mitre link : CVE-2024-9798

CVE.ORG link : CVE-2024-9798

JSON object : View

Products Affected

linuxfoundation

api_mediation_layer

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-9798", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "zowe-security@lists.openmainframeproject.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-10T08:15:04.207", "references": [{"url": "https://github.com/zowe/api-layer", "tags": ["Product"], "source": "zowe-security@lists.openmainframeproject.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers."}, {"lang": "es", "value": "El endpoint de salud es p\u00fablico, por lo que todos pueden ver una lista de todos los servicios. Es informaci\u00f3n potencialmente valiosa para los atacantes."}], "lastModified": "2024-11-25T18:00:47.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B9B17C8-D7CB-4E68-8FCB-DB748815328C", "versionEndExcluding": "1.28.8", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE047C55-2406-49E6-A84D-29FC747A3C2B", "versionEndExcluding": "2.18.0", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "zowe-security@lists.openmainframeproject.org"}