Vulnerabilities > CVE-2019-14849 - Unspecified vulnerability in Redhat 3Scale 2.0/2.4

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2019-12-12

Updated: 2024-11-21

Summary

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat 3Scale - Redhat 3Scale 2.0 Redhat 3Scale 2.4	3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14849
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14849