Vulnerabilities > Redhat > 3Scale > 2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. | 7.5 |
| 2021-05-26 | CVE-2020-25634 | Missing Authentication for Critical Function vulnerability in Redhat 3Scale and 3Scale API Management A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. | 5.4 |
| 2021-05-26 | CVE-2019-14836 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat 3Scale 2.4 A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. | 8.8 |
| 2019-12-12 | CVE-2019-14849 | Unspecified vulnerability in Redhat 3Scale 2.0/2.4 A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. | 5.4 |