Auth bypass in Linuxfoundation Zowe_api_mediation_layer

CVE-2021-4314

It is possible to manipulate the JWT token without knowledge of the JWT secret and authenticate as any user without a valid JWT token. This happens only when z/OSMF does not have the APAR PH12143 applied. This issue a…

Vulnerability class: Privilege Escalation

EPSS: 0.004 (35.3rd percentile).

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Frequently asked questions

What is CVE-2021-4314?
CVE-2021-4314 is a medium-severity vulnerability in Linuxfoundation Zowe_api_mediation_layer, classified under Improper Privilege Management. CVSS score: 5.3/10. Published 2023-01-18.
How severe is CVE-2021-4314?
Medium severity. CVSS v3 base score is 5.3 out of 10.