MEDIUM🇬🇧 English

CVE-2020-25634

CVSS 5.4v3.1pub. 2021-05-26upd. 2024-11-21

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Red Hat 3scale

    APP
    Redhat
    2.10.0< 2.10.0
  • Red Hat 3scale Api Management

    APP
    Redhat
    2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-10295HIGH7.5ten sam produkt

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to in...

CVE-2022-1414HIGH8.8ten sam produkt

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticat...

CVE-2022-0330HIGH7.8ten sam produkt

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a ...

CVE-2021-3814HIGH7.5ten sam produkt

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses s...

CVE-2021-3656HIGH8.8ten sam produkt

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processi...