CVE-2021-3814 - Missing Authorization vulnerability in Red Hat 3scale

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CWE-862

Summary

It was found that 3scale's APIdocs does not validate the access token: when the token is invalid, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

Common Weakness Enumeration (CWE)