Redhat 3scale_api_management
12 CVEs affecting Redhat 3scale_api_management. Latest disclosed: 2024-10-24. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-1414 | High | 8.8 | 2022-10-19 | 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and… |
| CVE-2021-3656 | High | 8.8 | 2022-03-04 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provi… |
| CVE-2022-0330 | High | 7.8 | 2022-03-25 | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw… |
| CVE-2019-10216 | High | 7.8 | 2019-11-27 | In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions… |
| CVE-2024-10295 | High | 7.5 | 2024-10-24 | A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed bas… |
| CVE-2019-14852 | High | 7.5 | 2021-03-18 | A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encry… |
| CVE-2021-3412 | High | 7.3 | 2021-06-01 | It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access p… |
| CVE-2021-3609 | High | 7.0 | 2022-03-03 | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash… |
| CVE-2021-20252 | Medium | 6.5 | 2021-02-23 | A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain… |
| CVE-2020-14388 | Medium | 6.3 | 2021-06-02 | A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows… |
| CVE-2023-4910 | Medium | 5.5 | 2023-11-06 | A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is r… |
| CVE-2020-25634 | Medium | 5.4 | 2021-05-26 | A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or mo… |