The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
References
History

Thu, 19 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation api Mediation Layer

Mon, 25 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Linuxfoundation api Mediation Layer
CPEs cpe:2.3:a:linuxfoundation:api_mediation_layer:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation api Mediation Layer

Thu, 10 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-312

Thu, 10 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Linuxfoundation
Linuxfoundation zowe Api Mediation Layer
CPEs cpe:2.3:a:linuxfoundation:zowe_api_mediation_layer:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation zowe Api Mediation Layer
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Oct 2024 08:00:00 +0000

Type Values Removed Values Added
Description The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
Title Conformance validation endpoint discloses detail about service to unauthenticated users
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Zowe

Published: 2024-10-10T07:41:03.374Z

Updated: 2024-10-10T14:22:43.244Z

Reserved: 2024-10-10T07:41:03.236Z

Link: CVE-2024-9802

cve-icon Vulnrichment

Updated: 2024-10-10T13:50:58.056Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-10T08:15:04.387

Modified: 2024-12-19T17:00:21.353

Link: CVE-2024-9802

cve-icon Redhat

No data.