203 matches found

Prion
added 2021/10/07 7:15 p.m., 12 views

Authorization

Extensible Service Proxy, a.k.a. ESP, is a proxy that enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application in the HTTP header "X-Endpoint-API-UserInfo"; the application can use ...

CVSS 4.9, AI score 5.6, EPSS 0.00112
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2021/10/07 6:30 p.m., 44 views

CVE-2021-41130

CVE-2021-41130 affects Extensible Service Proxy (ESP), specifically ESPv1, where the verified JWT claim is exposed to the application via the HTTP header X-Endpoint-API-UserInfo. If a client sends two such headers, ESPv1 only replaces the first, allowing the second header to reach the application...

CVSS 6.4, AI score 5.6, EPSS 0.00112
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2021/10/07 12:0 a.m., 2 views

Extensible Service Proxy Security Vulnerability

Extensible Service Proxy (ESP) is a proxy that enables API management for JSON/REST or gRPC API services. A security vulnerability exists in Extensible Service Proxy. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

CVSS 6.4, AI score 5.8, EPSS 0.00112
Exploits: 0, References: 5

Packet Storm
added 2021/09/29 12:0 a.m., 202 views

Google Extensible Service Proxy Header Forgery

Extensible Service Proxy a.k.a. ESP is an open source software by Google assisting Cloud Endpoints, a product on Google Cloud Platform. ESPv1 is an nginx based proxy which enables API management capabilities for JSON/REST or gRPC API services. In a typical deployment, ESP is running and fronting...

AI score 0.8
Exploits: 0

RedhatCVE
added 2021/07/08 2:21 p.m., 31 views

CVE-2021-3442

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated, allowing an authenticated user to inject scripts into some text boxes, leading to an XSS attack. The highest threat from this vulnerability is to data confidentiality...

CVSS 7.1, AI score 1.9, EPSS 0.00212
Exploits: 0, References: 3

CNVD
added 2021/06/19 12:0 a.m., 12 views

Command Execution Vulnerability in YApi

YApi is an API management platform designed to provide more elegant interface management services for developers, products, and testers. It can help developers easily create, publish and maintain APIs. YApi suffers from a command execution vulnerability. An attacker can exploit this vulnerability...

AI score 7.6
Exploits: 0

CNVD
added 2021/06/03 12:0 a.m., 6 views

Unspecified Vulnerability in Red Hat 3scale

Red Hat 3scale is a suite of API (Application Programming Interface) lifecycle management software from Red Hat. A security vulnerability exists in 3scale that stems from the fact that the development portal login form does not validate CSRF tokens, and therefore does not protect against login CSRF...

CVSS 8.8, AI score 6.8, EPSS 0.00133
Exploits: 0, References: 1

NVD
added 2021/06/02 1:15 p.m., 17 views

CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

CVSS 6.5, EPSS 0.0018
Exploits: 0, References: 1

Prion
added 2021/06/02 1:15 p.m., 15 views

Design/Logic Flaw

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

CVSS 6.5, AI score 6.2, EPSS 0.0018
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/06/02 12:37 p.m., 66 views

CVE-2020-14388

CVE-2020-14388 affects Red Hat 3scale API Management Platform. The issue is a permissions enforcement flaw where member permissions for an API's admin portal are not properly enforced, allowing an authenticated user to bypass normal account restrictions and access API services to which they do no...

CVSS 6.5, AI score 6.2, EPSS 0.0018
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/06/02 12:37 p.m., 18 views

CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

AI score 6.3, EPSS 0.0018
Exploits: 0, References: 1

CNNVD
added 2021/06/02 12:0 a.m., 3 views

Red Hat 3scale API Management Platform Security Vulnerability

Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform that stems from the membership rights of t...

CVSS 6.5, AI score 6.6, EPSS 0.0018
Exploits: 0, References: 1

Imperva Blog
added 2021/05/31 2:1 p.m., 52 views

Gaining Insights Is Fundamental for API Security

As enterprises continue their digital transformation journey in this Post-COVID era, applications are the engine that drives their business growth. Whether it’s a digital-first enterprise or one that is accelerating its digital transformation initiatives, APIs are not only opening up systems so...

AI score 7
Exploits: 0

RedHat Linux
added 2021/04/08 10:18 a.m., 183 views

Moderate: Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release

A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 8.8, AI score 6.8, EPSS 0.18682
Exploits: 6, References: 4

CNVD
added 2021/02/25 12:0 a.m., 6 views

Red Hat 3scale API Management Platform Input Validation Error Vulnerability

Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid implementation of API sharing, protection, distribution, control, and monetization. An input validation error vulnerability exists in Red Hat 3scale API Management Platform that allo...

CVSS 6.8, AI score 6.5, EPSS 0.00338
Exploits: 0, References: 1

Prion
added 2021/02/23 11:15 p.m., 18 views

Denial of service

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries, allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

CVSS 6.8, AI score 6.2, EPSS 0.00338
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/02/23 10:24 p.m., 58 views

CVE-2021-20252

CVE-2021-20252 affects Red Hat 3scale API Management Platform 2. The vulnerability arises because the 3scale backend does not properly constrain user-requested date ranges in certain queries, allowing an authenticated user to submit a sufficiently large date range that can trigger an internal ser...

CVSS 6.8, AI score 6.2, EPSS 0.00338
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/02/23 10:24 p.m., 15 views

CVE-2021-20252

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries, allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

AI score 6.5, EPSS 0.00338
Exploits: 0, References: 1

CNVD
added 2021/02/07 12:0 a.m., 2 views

IBM API Connect Information Disclosure Vulnerability (CNVD-2021-12646)

IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect, which can be exploited by an...

CVSS 4.1, AI score 6, EPSS 0.00076
Exploits: 0, References: 1

OSV
added 2020/11/03 12:26 p.m., 28 views

ALSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

CVSS 8.8, AI score 7.5, EPSS 0.00689
Exploits: 2, References: 7