Vulnerabilities > Redhat > 3Scale
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. | 5.0 |
| 2022-02-16 | CVE-2021-3752 | Race Condition vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. | 7.1 |
| 2021-06-01 | CVE-2021-3412 | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat 3Scale and 3Scale API Management It was found that all versions of 3Scale developer portal lacked brute force protections. | 5.0 |
| 2021-05-26 | CVE-2020-25634 | Missing Authentication for Critical Function vulnerability in Redhat 3Scale and 3Scale API Management A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. | 5.4 |
| 2021-05-26 | CVE-2019-14836 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat 3Scale 2.4 A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. | 8.8 |
| 2020-05-22 | CVE-2020-10711 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. | 5.9 |
| 2019-12-12 | CVE-2019-14849 | Information Exposure Through Sent Data vulnerability in Redhat 3Scale 2.0/2.4 A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. | 5.4 |