VYPR
Vendor

3scale

Products
3
CVEs
3
Across products
3
Status
Private

Products

3

Recent CVEs

3
  • CVE-2022-1414HigOct 19, 2022
    risk 0.57cvss 8.8epss 0.01

    3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

  • CVE-2021-3523HigApr 27, 2022
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

  • CVE-2021-3814HigMar 25, 2022
    risk 0.49cvss 7.5epss 0.01

    It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.