Vulnerabilities > CVE-2021-20252 - Unspecified vulnerability in Redhat 3Scale API Management 2.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

redhat

NVD

Published: 2021-02-23

Updated: 2024-11-21

Summary

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat 3Scale API Management 2.0	1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1928302
https://bugzilla.redhat.com/show_bug.cgi?id=1928302