Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Imperative Local Command Injection allows Activity Masking
Vulnerability Description
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in there and allow an attacker to handle the whole communication including user credentials.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
API Mediation Layer 安全漏洞
Vulnerability Description
API Mediation Layer是Zowe开源的一个 API 中介层。为大型机服务 REST API 提供单点访问。 API Mediation Layer 存在安全漏洞。没有任何凭据的攻击者利用该漏洞可访问需要内部客户端证书的端点。
CVSS Information
N/A
Vulnerability Type
N/A