Red Hat 3scale
8 CVEs affecting Red Hat 3scale. Latest disclosed: 2024-02-28. Critical: 0, High: 4. Two of the listed entries (CVE-2021-3752 and CVE-2020-10711) describe Linux kernel flaws by their own summaries, not flaws in 3scale's own code; the summaries below are reproduced as published and are truncated where the source truncates them.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-14836 | High | 8.8 | 2021-05-26 | A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access un… |
| CVE-2021-3814 | High | 7.5 | 2022-03-25 | It was found that 3scale's APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. This conceivably bypasses ac… |
| CVE-2021-3412 | High | 7.3 | 2021-06-01 | It was found that all versions of the 3scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access p… |
| CVE-2021-3752 | High | 7.1 | 2022-02-16 | A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a ra… |
| CVE-2024-0560 | Medium | 6.3 | 2024-02-28 | A vulnerability was found in 3scale, when used with Keycloak 15 (or RHSSO 7.5.0) and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Toke… |
| CVE-2020-10711 | Medium | 5.9 | 2020-05-22 | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Se… |
| CVE-2020-25634 | Medium | 5.4 | 2021-05-26 | A flaw was found in Red Hat 3scale's API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or mo… |
| CVE-2019-14849 | Medium | 5.4 | 2019-12-12 | A vulnerability was found in 3scale before version 2.6: it did not set the HttpOnly attribute on the user session cookie. An attacker could use this to conduct cr… |
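The CVE-2019-14849 row (session cookie issued without HttpOnly) is the kind of finding a practitioner wants to re-verify after upgrading. The following is an added example, not code from 3scale or Red Hat: a small Python audit that parses `Set-Cookie` headers and reports which hardening attributes (HttpOnly, Secure, SameSite=Lax/Strict) each cookie lacks. The cookie name `session` and the header values are constructed for illustration; the optional `fetch_set_cookie` helper uses only the standard library and is the one part that touches the network.

```python
"""Audit Set-Cookie headers for session-cookie hardening attributes.

Added example (not 3scale/Red Hat code). Cookie names and header values
used below are constructed; replace them with a real login response.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Tuple
import urllib.request

# Attributes a session cookie should carry. SameSite is accepted only as
# Lax or Strict; "None" or a missing value is reported as a gap.
REQUIRED_FLAGS = ("httponly", "secure")


@dataclass
class CookieReport:
    name: str
    missing: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.missing


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, {attribute: value}).

    Attribute names are lower-cased so that 'HttpOnly' and 'httponly'
    compare equal; flag attributes without a value map to ''.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = ""
    return name, attrs


def audit_cookies(set_cookie_headers: Sequence[str]) -> List[CookieReport]:
    """Return one report per Set-Cookie header listing missing protections."""
    reports: List[CookieReport] = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag.capitalize().replace("Httponly", "HttpOnly")
                   for flag in REQUIRED_FLAGS if flag not in attrs]
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            missing.append("SameSite=Lax|Strict")
        reports.append(CookieReport(name, missing))
    return reports


def fetch_set_cookie(url: str) -> List[str]:
    """Fetch `url` and return all Set-Cookie header values (network access).

    http.client.HTTPMessage.get_all returns every occurrence of a repeated
    header, which matters because servers emit one Set-Cookie per cookie.
    """
    with urllib.request.urlopen(url) as resp:  # noqa: S310 (audit tool)
        return resp.headers.get_all("Set-Cookie") or []


# Constructed sample responses: what a pre-fix portal might send versus
# what a hardened one should send.
VULNERABLE_HEADERS = ["session=abc123; Path=/"]
HARDENED_HEADERS = ["session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"]


if __name__ == "__main__":
    for label, headers in (("vulnerable", VULNERABLE_HEADERS),
                           ("hardened", HARDENED_HEADERS)):
        for report in audit_cookies(headers):
            status = "OK" if report.ok else "MISSING " + ", ".join(report.missing)
            print(f"{label}: cookie '{report.name}': {status}")
```

Run it against a real login response by replacing the constructed lists with `fetch_set_cookie("https://<portal>/session")` (or the equivalent login endpoint, which this example does not assume); any cookie that carries the session should come back with an empty `missing` list.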