Vulnerabilities in Open Mainframe Project
7 resultsCVE-2021-4314MEDIUMIt is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. ThiEPSS 0.4%CVE-2024-6834CRITICALImperative Local Command Injection allows Activity MaskingEPSS 0.3%CVE-2021-4326LOWImperative Local Command Injection allows Activity MaskingEPSS 0.3%CVE-2024-9798MEDIUMHealth endpoint offers list of onboarded services to unauthenticated usersEPSS 0.2%CVE-2024-9802MEDIUMConformance validation endpoint discloses detail about service to unauthenticated usersEPSS 0.2%CVE-2024-6833MEDIUMZowe CLI Auto-Init Leaks Credentials LocallyEPSS 0.1%CVE-2024-6916MEDIUMZowe CLI --show-inputs-only displays securely stored propertiesEPSS 0.1%