Open Mainframe Project

2 Products 7 CVEs

CVE Severity Distribution (All Time)

Critical

High

Medium

Low

Timeline Overview

Last 30 Days 0 CVEs

Last 6 Months 0 CVEs

Last Year 0 CVEs

Products

View all

Zowe

6 Versions 6 CVEs

Zowe CLI - Imperative

1 Version 1 CVE

Recent CVEs

CVE-2024-9802 MEDIUM 1 year, 1 month ago

The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific info…

CVE-2024-9798 MEDIUM 1 year, 1 month ago

The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.

CVE-2024-6916 MEDIUM 1 year, 4 months ago

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-in…

CVE-2024-6834 CRITICAL 1 year, 4 months ago

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. Thi…

CVE-2024-6833 MEDIUM 1 year, 4 months ago

A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-ini…

CVE-2021-4326 LOW 2 years, 9 months ago

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update co…

CVE-2021-4314 UNKNOWN 2 years, 10 months ago

It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happ…