{"api_version":"1","generated_at":"2026-04-22T21:27:03+00:00","cve":"CVE-2019-14852","urls":{"html":"https://cve.report/CVE-2019-14852","api":"https://cve.report/api/cve/CVE-2019-14852.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-14852","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-14852"},"summary":{"title":"CVE-2019-14852","description":"A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-03-18 20:15:00","updated_at":"2021-06-04 12:07:00"},"problem_types":["CWE-327"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1758208","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1758208","refsource":"MISC","tags":[],"title":"1758208 – (CVE-2019-14852) CVE-2019-14852 apicast: deprecated protocol TLS 1.0 enabled in gateway","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-14852","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14852","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"14852","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"3scale_api_management","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14852","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"3scale_api_management_platform","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2019-14852","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-327","cweId":"CWE-327"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"apicast","version":{"version_data":[{"version_affected":"=","version_value":"As shipped with Red Hat 3scale API Management Platform"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1758208","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1758208"}]}},"nvd":{"publishedDate":"2021-03-18 20:15:00","lastModifiedDate":"2021-06-04 12:07:00","problem_types":["CWE-327"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"14852","Ordinal":"154061","Title":"CVE-2019-14852","CVE":"CVE-2019-14852","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"14852","Ordinal":"1","NoteData":"A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"14852","Ordinal":"2","NoteData":"2021-03-18","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"14852","Ordinal":"3","NoteData":"2021-03-18","Type":"Other","Title":"Modified"}]}}}