Vulnerabilities > Redhat > 3Scale > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. | 5.0 |
2021-06-01 | CVE-2021-3412 | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat 3Scale and 3Scale API Management It was found that all versions of 3Scale developer portal lacked brute force protections. | 5.0 |
2021-05-26 | CVE-2020-25634 | Missing Authentication for Critical Function vulnerability in Redhat 3Scale and 3Scale API Management A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. | 5.4 |
2020-05-22 | CVE-2020-10711 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. | 5.9 |
2019-12-12 | CVE-2019-14849 | Information Exposure Through Sent Data vulnerability in Redhat 3Scale 2.0/2.4 A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. | 5.4 |