Zowe: Coordinated Vulnerability Disclosure for vulnerability in Imperative

Jakub Balhar

Dear zowe user,

We want to inform you about a new vulnerability that may affect your system. As a result, we are disclosing a finding.

The finding is a vulnerability that affects Zowe CLI via Imperative framework in versions prior to 1.28.2 and prior to 2.5.0. Further details of the vulnerability are in the attached PDF document.

The recommendation is to upgrade to version 1.28.2 or 2.5 or later version of the Zowe.

We understand how important it is for you to keep your systems secure and protected, and we are committed to helping you do so. If you have any questions or concerns, please don’t hesitate to contact us via:

Thank you for your understanding and continued support,
Zowe Technical Steering Committee

Jakub Balhar
R&D Product Marketing Engineer 5  |  Mainframe Software Division (MSD)
Broadcom Software

CA CZ | V Parku 2316/12 Chodov | Praha 4, 011 148 00
jakub.balhar@...   |   broadcom.com

This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.