CSRF in Red Hat 3scale

CVE-2019-14836

The 3scale developer portal was found not to employ any mechanism for protection against login CSRF: a page controlled by an attacker could make a victim's browser submit the portal's login form with attacker-chosen credentials, signing the victim into an account the attacker controls. An attacker could use this flaw to access unauthorized information or conduct further attacks.

Vulnerability class: CSRF (Cross-Site Request Forgery)
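As an added illustration that is not part of this advisory and is not 3scale's own code, the block below models a login endpoint once without and once with a session-bound anti-CSRF token, runs the forged cross-site login against both, and includes the check a tester would apply to a rendered login page. The user table, the session hash, the parameter name `authenticity_token` (the Rails convention; 3scale's portal is a Rails application) and the sample markup are all constructed assumptions.

```ruby
require 'securerandom'

# Constructed user table standing in for the dev portal's accounts.
USERS = { 'alice' => 'correct horse', 'mallory' => 'attacker-pw' }.freeze

def authenticate(username, password)
  USERS[username] == password ? username : nil
end

# Issue (or reuse) a per-session anti-CSRF token. It is created on the
# pre-login session: the login form must carry it before anyone is signed in,
# which is exactly the case a login-CSRF defence has to cover.
def csrf_token_for(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

# Constant-time comparison so the token check does not leak via timing.
def secure_equal?(expected, submitted)
  return false if expected.nil? || submitted.nil?
  return false unless expected.bytesize == submitted.bytesize
  diff = 0
  expected.bytes.zip(submitted.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Vulnerable handler: any POST carrying valid credentials signs the browser in,
# so a form auto-submitted from an attacker's page logs the victim into the
# attacker's account (login CSRF).
def login_without_csrf_protection(session, params)
  user = authenticate(params['username'], params['password'])
  return :invalid_credentials unless user
  session[:user] = user
  :logged_in
end

# Hardened handler: the request must echo the token issued to this browser's
# session. A cross-origin page cannot read that token, so the forged POST fails
# before credentials are even looked at.
def login_with_csrf_protection(session, params)
  expected = session[:csrf_token]
  return :csrf_rejected unless secure_equal?(expected, params['authenticity_token'])
  user = authenticate(params['username'], params['password'])
  return :invalid_credentials unless user
  session.clear              # fresh session on privilege change (no fixation)
  session[:user] = user
  :logged_in
end

# The attack: the victim's browser, with an empty pre-login session, submits a
# POST built by the attacker, carrying no token and the attacker's credentials.
def forged_login_scenario(handler)
  victim_session = {}
  forged_params = { 'username' => 'mallory', 'password' => 'attacker-pw' }
  [handler.call(victim_session, forged_params), victim_session[:user]]
end

# Legitimate flow: the form is served (token issued), then posted back with it.
def legitimate_login_scenario
  session = {}
  token = csrf_token_for(session)
  params = { 'username' => 'alice', 'password' => 'correct horse',
             'authenticity_token' => token }
  [login_with_csrf_protection(session, params), session[:user]]
end

# Quick check for a rendered login page: a Rails-style form should carry a
# hidden authenticity_token field (or a csrf-token meta tag for JS submits).
def login_form_csrf_protected?(html)
  html.match?(/<input[^>]+name=["']authenticity_token["']/i) ||
    html.match?(/<meta[^>]+name=["']csrf-token["']/i)
end

# Constructed sample markup for the check above.
UNPROTECTED_FORM = <<~HTML
  <form action="/session" method="post">
    <input name="username"><input name="password" type="password">
    <button>Sign in</button>
  </form>
HTML

PROTECTED_FORM = <<~HTML
  <form action="/session" method="post">
    <input type="hidden" name="authenticity_token" value="0123abcd...">
    <input name="username"><input name="password" type="password">
    <button>Sign in</button>
  </form>
HTML

if __FILE__ == $PROGRAM_NAME
  p forged_login_scenario(method(:login_without_csrf_protection)) # [:logged_in, "mallory"]
  p forged_login_scenario(method(:login_with_csrf_protection))    # [:csrf_rejected, nil]
  p legitimate_login_scenario                                      # [:logged_in, "alice"]
  p login_form_csrf_protected?(UNPROTECTED_FORM)                   # false
  p login_form_csrf_protected?(PROTECTED_FORM)                     # true
end
```

The detail specific to login CSRF is that the token must be issued to the unauthenticated session and verified before credentials are accepted; a check that only protects authenticated actions leaves the login form open. A `SameSite` attribute on the session cookie narrows the cross-site POST surface and is worth setting, but it is defence in depth, not a replacement for the token.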

EPSS: 0.006 (percentile 43.1)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

  • Red Hat 3scale — version 2.4
  • Red Hat 3scale API Management — version 2.10.0

Weakness classification (CWE)

CWE-352: Cross-Site Request Forgery (CSRF)

Frequently asked questions

What is CVE-2019-14836?
CVE-2019-14836 is a high-severity vulnerability in Red Hat 3scale, classified as Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2021-05-26.
How severe is CVE-2019-14836?
High severity. CVSS v3 base score is 8.8 out of 10.