
10 matches found

OSV
added 2025/11/07 11:15 p.m., 1 view

CVE-2025-37736

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

CVSS 8.8, AI score 5.8, EPSS 0.00066
Exploits: 0, References: 1
Cvelist
added 2025/11/07 10:8 p.m., 5 views

CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

CVSS 8.8, EPSS 0.00066
Exploits: 0, References: 1
Cvelist
added 2025/08/11 6:12 p.m., 8 views

CVE-2025-25231

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints...

CVSS 7.5, EPSS 0.04239
Exploits: 1, References: 2
OSV
added 2023/07/06 1:50 p.m., 7 views

CVE-2023-35937 Metersphere missing permission check

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

CVSS 6, AI score 8.6, EPSS 0.00054
Exploits: 1, References: 3
CNVD
added 2017/07/10 12:0 a.m., 2 views

Red Hat 3scale Authentication Bypass Vulnerability

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) is an API (Application Programming Interface) management platform from Red Hat. The platform includes API tools for access control, rate limiting, analytics, billing and payment. A security vulnerability exists in Red Hat 3scale AMP versions...

CVSS 9.8, AI score 7.1, EPSS 0.00498
Exploits: 0, References: 1
Prion
added 2017/07/07 10:29 p.m., 27 views

Authentication flaw

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512...

CVSS 7.5, AI score 6.8, EPSS 0.00539
Exploits: 0, References: 3
Cvelist
added 2017/07/07 10:0 p.m., 20 views

CVE-2017-7512

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512...

AI score 6.8, EPSS 0.00498
Exploits: 0, References: 3
RedHat Linux
added 2017/07/06 5:25 p.m., 96 views

Important: Red Hat Security Advisory: Red Hat 3scale API Management Platform 2.0.0 security update

A security update for Red Hat 3scale API Management Platform 2.0.0 is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.8, AI score 7.3, EPSS 0.00498
Exploits: 0, References: 2
RedhatCVE
added 2017/07/06 5:18 p.m., 27 views

CVE-2017-7512

It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs...

CVSS 9.8, AI score 3.2, EPSS 0.00498
Exploits: 0, References: 1
UbuntuCve
added 2017/06/21 12:0 a.m., 28 views

CVE-2017-7512

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512...

CVSS 9.8, AI score 7.2, EPSS 0.00498
Exploits: 0, References: 4