{"api_version":"1","generated_at":"2026-04-23T01:11:56+00:00","cve":"CVE-2019-14836","urls":{"html":"https://cve.report/CVE-2019-14836","api":"https://cve.report/api/cve/CVE-2019-14836.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-14836","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-14836"},"summary":{"title":"CVE-2019-14836","description":"A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-26 12:15:00","updated_at":"2023-02-12 23:35:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2019-14836,","name":"https://access.redhat.com/security/cve/CVE-2019-14836,","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2021:1129","name":"https://access.redhat.com/errata/RHSA-2021:1129","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1750928","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1750928","refsource":"MISC","tags":[],"title":"1750928 – (CVE-2019-14836) CVE-2019-14836 3scale: dev portal missing protection against login CSRF","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2019-14836","name":"https://access.redhat.com/security/cve/CVE-2019-14836","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847605","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1847605","refsource":"MISC","tags":[],"title":"1847605 – (CVE-2020-10777) CVE-2020-10777 CloudForms: Cross Site Scripting in report menu title / HTML Code Injection","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-14836","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14836","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"14836","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"3scale","cpe6":"2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2019-14836","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross-Site Request Forgery (CSRF)"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Red Hat 3scale API Management","version":{"version_data":[{"version_affected":"=","version_value":"Red Hat 3scale API Management 2.10.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847605","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1847605"}]}},"nvd":{"publishedDate":"2021-05-26 12:15:00","lastModifiedDate":"2023-02-12 23:35:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:3scale:2.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"14836","Ordinal":"154045","Title":"CVE-2019-14836","CVE":"CVE-2019-14836","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"14836","Ordinal":"1","NoteData":"A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"14836","Ordinal":"2","NoteData":"2021-05-26","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"14836","Ordinal":"3","NoteData":"2021-06-02","Type":"Other","Title":"Modified"}]}}}