1. Home
  2. CVE Database
  3. CVE-2024-6834
CRITICAL · 9.0

CVE-2024-6834

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requirin...

Vulnerability Description

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in there and allow an attacker to handle the whole communication including user credentials.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-250

References

FAQ

What is CVE-2024-6834?

CVE-2024-6834 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requirin...

How severe is CVE-2024-6834?

CVE-2024-6834 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-6834?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.