Pavel Jareš

**Name of the Vulnerable Software and Affected Versions** Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 **Description** The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. **Recommendations** For Zowe versions 1.0.0 through 1.28.8, upgrade to version 2.18.0 or later to safeguard services. For Zowe versions 2.0.0 through 2.18.0, upgrade to version 2.18.0 or later to safeguard services.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The conformance validation endpoint is publicly accessible, allowing anyone to verify the conformance of onboarded services. The response from this endpoint may contain specific information about the service, including available endpoints and swagger details. This could potentially advise an attacker about the running version of a service and whether a service is currently running. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.