{"api_version":"1","generated_at":"2026-04-22T23:22:20+00:00","cve":"CVE-2022-1414","urls":{"html":"https://cve.report/CVE-2022-1414","api":"https://cve.report/api/cve/CVE-2022-1414.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-1414","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-1414"},"summary":{"title":"CVE-2022-1414","description":"3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-10-19 18:15:00","updated_at":"2022-10-21 16:59:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2022-1414","name":"https://access.redhat.com/security/cve/CVE-2022-1414","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2076794","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2076794","refsource":"MISC","tags":[],"title":"2076794 – (CVE-2022-1414) CVE-2022-1414 3scale-system: script injection in multiple endpoints","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-1414","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1414","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"1414","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"3scale_api_management","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-1414","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-1173","cweId":"CWE-1173"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"3scale-amp-system","version":{"version_data":[{"version_affected":"=","version_value":"3scale-amp-system as shipped in 3scale-AMP 2"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2076794","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2076794"},{"url":"https://access.redhat.com/security/cve/CVE-2022-1414","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2022-1414"}]}},"nvd":{"publishedDate":"2022-10-19 18:15:00","lastModifiedDate":"2022-10-21 16:59:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}