VYPR

3scale API Management Platform

by Red Hat

CVEs (9)

  • CVE-2023-44487 · High · KEV · Oct 10, 2023
    risk 0.65 · cvss 7.5 · epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2017-7512 · Critical · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in…

  • CVE-2023-4910 · Nov 6, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

  • CVE-2023-5349 · Oct 30, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.

  • CVE-2023-0456 · Sep 27, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

  • CVE-2020-14388 · Jun 2, 2021
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.

  • CVE-2020-25634 · May 26, 2021
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.

  • CVE-2019-14852 · Mar 18, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is…

  • CVE-2021-20252 · Feb 23, 2021
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually…