Known Vulnerabilities
CVE-2024-9798
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
MEDIUM
CVSS 5.3
Published Oct 10, 2024
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
LOW
CVSS 3.3
Published Feb 22, 2023