Vulnerabilities > Linuxfoundation > Zowe API Mediation Layer > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-9798 Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer
The health endpoint is public so everybody can see a list of all services.
network
low complexity
linuxfoundation CWE-312
5.3
5.3
2024-10-10 CVE-2024-9802 Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services.
network
low complexity
linuxfoundation CWE-312
5.3
5.3
2023-01-18 CVE-2021-4314 Improper Authentication vulnerability in Linuxfoundation Zowe API Mediation Layer
It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user.
network
low complexity
linuxfoundation CWE-287
5.3
5.3