What is CVE-2019-14849?

CVE-2019-14849 is a medium-severity vulnerability in Redhat 3scale, classified under Insertion of Sensitive Information into Sent Data. CVSS score: 5.4/10. Published 2019-12-12.

How severe is CVE-2019-14849?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Redhat 3scale

CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.

EPSS: 0.005 (40.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

Redhat 3scale
N/a 3scale — versions n/a

Weakness classification (CWE)

CWE-201 — Insertion of Sensitive Information into Sent Data
CWE-79 — Cross-site Scripting

References

secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2019-14849?: CVE-2019-14849 is a medium-severity vulnerability in Redhat 3scale, classified under Insertion of Sensitive Information into Sent Data. CVSS score: 5.4/10. Published 2019-12-12.
How severe is CVE-2019-14849?: Medium severity. CVSS v3 base score is 5.4 out of 10.