CVE-2024-9798

Summary

The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.

Affected Software

VendorProductVersion RangeStatus
Open Mainframe ProjectZowe2.0.0 < 2.18.0affected
Open Mainframe ProjectZowe1.0.0 < 1.28.8affected

Weaknesses

Workarounds

No workaround is available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References