Latest Red Hat 3scale API Management Vulnerabilities

3scale-admin-portal: logged out users tokens can be accessed
Redhat 3scale Api Management=2.0
3scale does not perform adequate sanitization for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct ...
Redhat 3scale Api Management=2.0
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel<0:3.10.0-514.99.1.el7
redhat/kernel<0:3.10.0-693.99.1.el7
redhat/kernel<0:3.10.0-957.92.1.el7
redhat/kernel<0:3.10.0-1062.63.1.el7
and 246 more
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nes...
redhat/kernel-rt<0:3.10.0-1160.45.1.rt56.1185.el7
redhat/kernel<0:3.10.0-1160.45.1.el7
redhat/kernel<0:3.10.0-957.84.1.el7
redhat/kernel<0:3.10.0-1062.59.1.el7
redhat/kernel-rt<0:4.18.0-305.25.1.rt7.97.el8_4
redhat/kernel<0:4.18.0-305.25.1.el8_4
and 209 more
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This ...
Linux Linux kernel>=2.6.25<4.4.276
Linux Linux kernel>=4.5<4.9.276
Linux Linux kernel>=4.10<4.14.240
Linux Linux kernel>=4.15<4.19.198
Linux Linux kernel>=4.20<5.4.132
Linux Linux kernel>=5.5.0<5.10.50
and 241 more
It was found that 3scale backend does not perform preventive handling on user-requested date ranges in certain queries. A malicious authenticated user could submit a request with a sufficiently large ...
Redhat 3scale Api Management=2.0
It was found that the 3scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further at...
Redhat 3scale
Redhat 3scale Api Management=2.0
3scale's API docs URL is accessible without credentials. An attacker could use this flaw to view sensitive information or modify service APIs.
redhat/3scale<2.10.0
Redhat 3scale<2.10.0
Redhat 3scale=2.10.0
Redhat 3scale Api Management=2.0
It was found that member permissions for an API's admin portal in 3scale were not properly enforced. An authenticated user could use this flaw to bypass normal account restrictions and access API serv...
Redhat 3scale Api Management=2.0
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by crea...
Artifex Ghostscript<9.50
Redhat 3scale Api Management=2.6
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
and 5 more
It was found that 3scale's APIcast gateway enabled TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. T...
Redhat 3scale Api Management=2.0
