CVE-2024-9802 Vulnerability Details

  /     /     /  

CVE-2024-9802 Metadata Quick Info

CVE Published: 10/10/2024 | CVE Updated: 10/10/2024 | CVE Year: 2024
Source: Zowe | Vendor: Open Mainframe Project | Product: Zowe
Status : PUBLISHED

---

CVE-2024-9802 Description

The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: Open Mainframe Project

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: