Vulnerabilities > Redhat > 3Scale > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. | 7.5 |
| 2022-02-16 | CVE-2021-3752 | Race Condition vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. | 7.1 |
| 2021-06-01 | CVE-2021-3412 | Unspecified vulnerability in Redhat 3Scale and 3Scale API Management It was found that all versions of 3Scale developer portal lacked brute force protections. | 7.3 |
| 2021-05-26 | CVE-2019-14836 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat 3Scale 2.4 A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. | 8.8 |