Lucene search
K

122 matches found

RedhatCVE
RedhatCVE
added 2023/09/12 9:5 a.m.38 views

CVE-2023-4910

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. Mitigation No mitigation is yet available for this flaw...

5.5CVSS6.5AI score0.00212EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.7 views

Red Hat 3scale API Management Platform Security Vulnerability

Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform, which originates from a user logging out...

5.5CVSS6.9AI score0.00212EPSS
Exploits0References4
NVD
NVD
added 2022/10/19 6:15 p.m.31 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

8.8CVSS0.00764EPSS
Exploits0References2
CVE
CVE
added 2022/10/19 12:0 a.m.76 views

CVE-2022-1414

CVE-2022-1414 affects Red Hat 3scale API Management 2. The issue is inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts and potentially access sensitive information or conduct further attacks. Base CVSS v3.1 score is 8.8 (High) with Network att...

8.8CVSS8.6AI score0.00764EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.30 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

8.9AI score0.00764EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.25 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

6.5AI score0.00764EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.5 views

PT-2022-13870 · Red Hat · 3Scale Api Management 2

Name of the Vulnerable Software and Affected Versions: 3scale API Management 2 Description: The issue arises from inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts. This could potentially lead to access to sensitive information or further...

8.8CVSS8.3AI score0.00764EPSS
Exploits0References5
NVD
NVD
added 2022/04/27 9:15 p.m.24 views

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...

7.5CVSS0.00792EPSS
Exploits0References1
Prion
Prion
added 2022/04/27 9:15 p.m.20 views

Authentication flaw

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...

4.3CVSS7.4AI score0.00792EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/27 8:58 p.m.2317 views

CVE-2021-3523

3scale APICast (Red Hat 3scale) is affected in versions prior to 2.11.0. The root cause is incorrect reuse of connections, enabling an attacker to bypass API security restrictions when hosting multiple APIs on the same IP. CVSS v3.1 base score is 7.5 (HIGH); exploitation details are not provided....

7.5CVSS7.4AI score0.00792EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/27 8:58 p.m.26 views

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...

7.7AI score0.00792EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/04/26 6:28 p.m.63 views

CVE-2021-3523

A flaw was found in 3Scale APICast, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...

7.5CVSS2.7AI score0.00792EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/20 12:59 p.m.46 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

8.8CVSS1.5AI score0.00764EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.4 views

Red Hat 3scale 输入验证错误漏洞

Red Hat 3scale is a suite of API Application Programming Interface lifecycle management software from Red Hat. A security vulnerability exists in the Red Hat 3scale system that originates from a script injection issue in multiple endpoints...

8.8CVSS8AI score0.00764EPSS
Exploits0References4
NVD
NVD
added 2022/03/25 7:15 p.m.18 views

CVE-2021-3814

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...

7.5CVSS0.01113EPSS
Exploits0References1
Prion
Prion
added 2022/03/25 7:15 p.m.24 views

Information disclosure

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...

5CVSS7.3AI score0.01113EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/25 6:2 p.m.88 views

CVE-2021-3814

CVE-2021-3814 affects 3scale’s APIdocs. The issue is that token validation is not performed correctly: when an invalid token is presented, the system falls back to session authentication, which can bypass access controls and lead to unauthorized information disclosure. This is described in multip...

7.5CVSS7.3AI score0.01113EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/25 6:2 p.m.25 views

CVE-2021-3814

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...

7.5AI score0.01113EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/12/16 6:2 p.m.61 views

Moderate: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.1 Release - Container Images

Red Hat 3scale API Management 2.11.1 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2021/10/14 7:53 a.m.94 views

Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images

Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

7.7CVSS6.9AI score0.52838EPSS
Exploits12References4
Rows per page
Query Builder