Lucene search
K

122 matches found

CNNVD
CNNVD
added 2021/10/14 12:0 a.m.5 views

Red Hat 3scale API Management Platform 输入验证错误漏洞

Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. Red Hat 3scale API Management Platform has an input validation error vulnerability vulnerability, there is currently...

5.4CVSS5.8AI score0.00416EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2021/09/22 7:57 p.m.70 views

CVE-2021-3814

A flaw was found in 3scale's API docs, where it does not validate the access token. In the case of an invalid token, it uses session auth instead. This issue possibly bypasses access controls and permits unauthorized information disclosure...

7.5CVSS2.5AI score0.01113EPSS
Exploits0References3
CNVD
CNVD
added 2021/06/03 12:0 a.m.7 views

Unspecified Vulnerability in Red Hat 3scale

Red Hat 3scale is a suite of API Application Programming Interface lifecycle management software from Red Hat. A security vulnerability exists in 3scale that stems from the fact that the development portal login form does not validate CSRF tokens, and therefore does not protect against login CSRF...

8.8CVSS6.8AI score0.0058EPSS
Exploits0References1
NVD
NVD
added 2021/06/02 1:15 p.m.20 views

CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

6.5CVSS0.00598EPSS
Exploits0References1
OSV
OSV
added 2021/06/02 1:15 p.m.4 views

CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

6.3CVSS6.5AI score0.00598EPSS
Exploits0References1
Prion
Prion
added 2021/06/02 1:15 p.m.21 views

Design/Logic Flaw

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

6.5CVSS6.2AI score0.00598EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/02 12:37 p.m.22 views

CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

6.3AI score0.00598EPSS
Exploits0References1
CVE
CVE
added 2021/06/02 12:37 p.m.72 views

CVE-2020-14388

CVE-2020-14388 affects Red Hat 3scale API Management Platform. The issue is a permissions enforcement flaw where member permissions for an API's admin portal are not properly enforced, allowing an authenticated user to bypass normal account restrictions and access API services to which they do no...

6.5CVSS6.2AI score0.00598EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.4 views

Red Hat 3scale API Management Platform 安全漏洞

Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform that stems from the membership rights of t...

6.5CVSS6.6AI score0.00598EPSS
Exploits0References1
NVD
NVD
added 2021/06/01 2:15 p.m.18 views

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

7.3CVSS0.0076EPSS
Exploits0References1
OSV
OSV
added 2021/06/01 2:15 p.m.18 views

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

7.3CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2021/06/01 2:15 p.m.17 views

Design/Logic Flaw

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

5CVSS7.3AI score0.0076EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/06/01 1:47 p.m.69 views

CVE-2021-3412

CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...

7.3CVSS7.3AI score0.0076EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/06/01 1:47 p.m.22 views

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks...

7.5AI score0.0076EPSS
Exploits0References1
NVD
NVD
added 2021/05/26 9:15 p.m.19 views

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

5.5CVSS0.00517EPSS
Exploits0References1
OSV
OSV
added 2021/05/26 9:15 p.m.6 views

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

5.4CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2021/05/26 9:15 p.m.24 views

Design/Logic Flaw

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

5.5CVSS5.2AI score0.00517EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/05/26 8:54 p.m.83 views

CVE-2020-25634

CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...

5.5CVSS5.2AI score0.00517EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/05/26 8:54 p.m.24 views

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

5.3AI score0.00517EPSS
Exploits0References1
NVD
NVD
added 2021/05/26 12:15 p.m.25 views

CVE-2019-14836

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks...

8.8CVSS0.0058EPSS
Exploits0References1
Rows per page
Query Builder