Vulnerabilities > CVE-2021-3814 - Missing Authorization vulnerability in Redhat 3Scale

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
CWE-862

Summary

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

Common Weakness Enumeration (CWE)