What is CVE-2021-3814?

CVE-2021-3814 is a high-severity vulnerability in Redhat 3scale, classified under Missing Authorization. CVSS score: 7.5/10. Published 2022-03-25.

How severe is CVE-2021-3814?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Redhat 3scale

CVE-2021-3814

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

Vulnerability class: Broken Access Control

EPSS: 0.011 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Redhat 3scale
N/a 3scale — versions 3scale 2.11

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2021-3814?: CVE-2021-3814 is a high-severity vulnerability in Redhat 3scale, classified under Missing Authorization. CVSS score: 7.5/10. Published 2022-03-25.
How severe is CVE-2021-3814?: High severity. CVSS v3 base score is 7.5 out of 10.