122 matches found
CVE-2023-4910
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. Mitigation No mitigation is yet available for this flaw...
Red Hat 3scale API Management Platform Security Vulnerability
Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform, which originates from a user logging out...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
CVE-2022-1414
CVE-2022-1414 affects Red Hat 3scale API Management 2. The issue is inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts and potentially access sensitive information or conduct further attacks. Base CVSS v3.1 score is 8.8 (High) with Network att...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
PT-2022-13870 · Red Hat · 3Scale Api Management 2
Name of the Vulnerable Software and Affected Versions: 3scale API Management 2 Description: The issue arises from inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts. This could potentially lead to access to sensitive information or further...
CVE-2021-3523
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...
Authentication flaw
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...
CVE-2021-3523
3scale APICast (Red Hat 3scale) is affected in versions prior to 2.11.0. The root cause is incorrect reuse of connections, enabling an attacker to bypass API security restrictions when hosting multiple APIs on the same IP. CVSS v3.1 base score is 7.5 (HIGH); exploitation details are not provided....
CVE-2021-3523
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...
CVE-2021-3523
A flaw was found in 3Scale APICast, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
Red Hat 3scale 输入验证错误漏洞
Red Hat 3scale is a suite of API Application Programming Interface lifecycle management software from Red Hat. A security vulnerability exists in the Red Hat 3scale system that originates from a script injection issue in multiple endpoints...
CVE-2021-3814
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...
Information disclosure
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...
CVE-2021-3814
CVE-2021-3814 affects 3scale’s APIdocs. The issue is that token validation is not performed correctly: when an invalid token is presented, the system falls back to session authentication, which can bypass access controls and lead to unauthorized information disclosure. This is described in multip...
CVE-2021-3814
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...
Moderate: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.1 Release - Container Images
Red Hat 3scale API Management 2.11.1 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...
Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images
Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...