cvedb.io
CVE-2024-6834
CRITICAL · CVSS 9
EPSS exploitation probability: 0%
Published 2024-07-17T15:15:14.970 · Last modified 2026-06-17T08:18:48.290

Summary

A vulnerability in APIML Spring Cloud Gateway leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This gives a user access, without any credentials, to the endpoints that require an internal client certificate. It could lead to the attacker managing components there and handling the whole communication, including user credentials.



This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.