Vulnerabilities > Redhat > 3Scale API Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-11-06 | CVE-2023-4910 | Exposure of Resource to Wrong Sphere vulnerability in Redhat 3Scale API Management 2.0 | A flaw was found in 3Scale Admin Portal. | local | low | redhat | CWE-668 | 5.5 |
| 2022-10-19 | CVE-2022-1414 | Improper Input Validation vulnerability in Redhat 3Scale API Management 2.0 | 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. | network | low | redhat | CWE-20 | 8.8 |
| 2022-03-25 | CVE-2022-0330 | Improper Preservation of Permissions vulnerability in multiple products | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. | local | low | linux, redhat, fedoraproject, netapp | CWE-281 | 7.8 |
| 2022-03-04 | CVE-2021-3656 | Missing Authorization vulnerability in multiple products | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. | local | low | linux, fedoraproject, redhat | CWE-862 | 8.8 |
| 2022-03-03 | CVE-2021-3609 | Race Condition vulnerability in multiple products | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. | local | high | linux, redhat, netapp | CWE-362 | 7.0 |
| 2021-06-02 | CVE-2020-14388 | Unspecified vulnerability in Redhat 3Scale API Management 2.0 | A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. | network | low | redhat | | 6.5 |
| 2021-06-01 | CVE-2021-3412 | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat 3Scale and 3Scale API Management | It was found that all versions of 3Scale developer portal lacked brute force protections. | network | low | redhat | CWE-307 | 5.0 |
| 2021-05-26 | CVE-2020-25634 | Missing Authentication for Critical Function vulnerability in Redhat 3Scale and 3Scale API Management | A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. | network | low | redhat | CWE-306 | 5.4 |
| 2021-03-18 | CVE-2019-14852 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat 3Scale API Management 2.0 | A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. | network | low | redhat | CWE-327 | 5.0 |
| 2021-02-23 | CVE-2021-20252 | Improper Input Validation vulnerability in Redhat 3Scale API Management 2.0 | A flaw was found in Red Hat 3scale API Management Platform 2. | network | low | redhat | CWE-20 | 6.8 |