Lucene search
+L

4 matches found

CVE
CVE
added 2022/03/25 6:2 p.m.89 views

CVE-2021-3814

CVE-2021-3814 affects 3scale’s APIdocs. The issue is that token validation is not performed correctly: when an invalid token is presented, the system falls back to session authentication, which can bypass access controls and lead to unauthorized information disclosure. This is described in multip...

7.5CVSS7.3AI score0.01113EPSS
CVE
CVE
added 2021/05/26 8:54 p.m.86 views

CVE-2020-25634

CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...

5.5CVSS5.2AI score0.00517EPSS
CVE
CVE
added 2019/12/12 1:14 p.m.84 views

CVE-2019-14849

The CVE-2019-14849 entries describe a vulnerability in Red Hat 3scale API Management (before version 2.6) where the user session cookie was not tagged HttpOnly. This omission enables cross-site scripting and potential exposure of unauthorized information. Affected component: 3scale session cookie...

5.4CVSS5.3AI score0.00528EPSS
CVE
CVE
added 2021/06/01 1:47 p.m.71 views

CVE-2021-3412

CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...

7.3CVSS7.3AI score0.0076EPSS