{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T05:29:52.149","vulnerabilities":[{"cve":{"id":"CVE-2024-9802","sourceIdentifier":"zowe-security@lists.openmainframeproject.org","published":"2024-10-10T08:15:04.387","lastModified":"2026-06-17T08:25:17.143","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running."},{"lang":"es","value":"El endpoint de validación de conformidad es público, por lo que todos pueden verificar la conformidad de los servicios incorporados. La respuesta podría contener información específica sobre el servicio, incluidos los endpoints disponibles y swagger. Podría informar a un atacante sobre la versión en ejecución de un servicio. El atacante también podría verificar si un servicio está en ejecución."}],"affected":[{"source":"zowe-security@lists.openmainframeproject.org","affectedData":[{"vendor":"Open Mainframe Project","product":"Zowe","versions":[{"version":"2.11.0","lessThan":"2.17.0","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"linuxfoundation","product":"zowe_api_mediation_layer","defaultStatus":"unknown","cpes":["cpe:2.3:a:linuxfoundation:zowe_api_mediation_layer:*:*:*:*:*:*:*:*"],"versions":[{"version":"2.11.0","lessThan":"2.17.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"zowe-security@lists.openmainframeproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-10T13:45:19.081095Z","id":"CVE-2024-9802","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-312"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:zowe_api_mediation_layer:*:*:*:*:*:*:*:*","versionStartIncluding":"2.11.0","versionEndExcluding":"2.17.0","matchCriteriaId":"454F6E4D-504F-4080-95F4-4D0A771C52D3"}]}]}],"references":[{"url":"https://github.com/zowe/api-layer","source":"zowe-security@lists.openmainframeproject.org","tags":["Product"]}]}}]}