What is CVE-2021-3412?

CVE-2021-3412 is a high-severity vulnerability in Redhat 3scale, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.3/10. Published 2021-06-01.

How severe is CVE-2021-3412?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Redhat 3scale

CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.

EPSS: 0.008 (50.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Redhat 3scale
Redhat 3scale_api_management — versions 2.0
N/a 3scale — versions all versions

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2021-3412?: CVE-2021-3412 is a high-severity vulnerability in Redhat 3scale, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.3/10. Published 2021-06-01.
How severe is CVE-2021-3412?: High severity. CVSS v3 base score is 7.3 out of 10.