4 matches found
CVE-2021-3814
CVE-2021-3814 affects 3scale’s APIdocs. The issue is that token validation is not performed correctly: when an invalid token is presented, the system falls back to session authentication, which can bypass access controls and lead to unauthorized information disclosure. This is described in multip...
CVE-2020-25634
CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...
CVE-2019-14849
The CVE-2019-14849 entries describe a vulnerability in Red Hat 3scale API Management (before version 2.6) where the user session cookie was not tagged HttpOnly. This omission enables cross-site scripting and potential exposure of unauthorized information. Affected component: 3scale session cookie...
CVE-2021-3412
CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...