Vulnerabilities > CVE-2024-9671 - Missing Authorization vulnerability in Redhat 3Scale API Management Platform 2.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

redhat

CWE-862

NVD

Published: 2024-10-09

Updated: 2024-12-04

Summary

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat 3Scale API Management Platform 2.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://access.redhat.com/security/cve/CVE-2024-9671
https://bugzilla.redhat.com/show_bug.cgi?id=2317449