Vulnerabilities > Linuxfoundation > Zowe API Mediation Layer > 1.17.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-9798 Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer
The health endpoint is public so everybody can see a list of all services.
network
low complexity
linuxfoundation CWE-312
5.3
5.3
2023-01-18 CVE-2021-4314 Improper Authentication vulnerability in Linuxfoundation Zowe API Mediation Layer
It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user.
network
low complexity
linuxfoundation CWE-287
5.3
5.3