Known Vulnerabilities for 3scale by Redhat
Listed below are 7 of the newest known vulnerabilities associated with "3scale" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3814 | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth ins... | 7.5 - HIGH | 2022-03-25 | 2022-04-07 |
| CVE-2021-3752 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and d... | 7.1 - HIGH | 2022-02-16 | 2023-11-09 |
| CVE-2021-3412 | It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to b... | 7.3 - HIGH | 2021-06-01 | 2022-06-03 |
| CVE-2020-25634 | A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker... | 5.4 - MEDIUM | 2021-05-26 | 2022-10-21 |
| CVE-2020-10711 | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs wh... | 5.9 - MEDIUM | 2020-05-22 | 2023-11-07 |
| CVE-2019-14849 | A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An att... | 5.4 - MEDIUM | 2019-12-12 | 2023-02-12 |
| CVE-2019-14836 | A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacke... | 8.8 - HIGH | 2021-05-26 | 2023-02-12 |