CVE-2019-14836: CSRF
First published: Wed May 26 2021(Updated: )
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat 3scale | =2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14836?
CVE-2019-14836 is a vulnerability found in the 3scale dev portal that allows unauthorized access and potential further attacks.
How severe is CVE-2019-14836?
CVE-2019-14836 has a severity rating of 8.8 (high) on the CVSS scale.
What software is affected by CVE-2019-14836?
Redhat 3scale version 2.4 is affected by CVE-2019-14836.
How can an attacker exploit CVE-2019-14836?
An attacker can exploit CVE-2019-14836 by using the lack of login CSRF protection in the 3scale dev portal to access unauthorized information or conduct further attacks.
Is there a fix available for CVE-2019-14836?
Yes, a fix for CVE-2019-14836 is available. Please refer to the provided reference for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat 3scale
- version/redhat 3scale/2.4