CVE-2019-14852
First published: Thu Oct 03 2019(Updated: )
It was found that 3scale's APIcast gateway enabled TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. TLS 1.2 or stronger should be used; TLS 1.0 should be avoided, and TLS 1.1 is slated for deprecation by various industry entities in early 2020.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat 3scale Api Management | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14852?
CVE-2019-14852 is a vulnerability found in 3scale’s APIcast gateway that enables the TLS 1.0 protocol, which can be exploited by an attacker to break encryption and gain unauthorized access to information.
What is the severity of CVE-2019-14852?
CVE-2019-14852 has a severity level of high, with a CVSS score of 7.5.
What software is affected by CVE-2019-14852?
The Red Hat 3scale API Management Platform version 2.0 is affected by CVE-2019-14852.
How can an attacker exploit CVE-2019-14852?
An attacker can exploit CVE-2019-14852 by targeting traffic that uses the weak TLS 1.0 protocol and breaking its encryption to gain unauthorized access to information.
Is there a fix available for CVE-2019-14852?
Yes, a patch or update provided by Red Hat is available to fix CVE-2019-14852. It is recommended to apply the patch as soon as possible.
- collector/redhat-bugzilla
- alias/CVE-2019-14852
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- vendor/redhat
- canonical/redhat 3scale api management
- version/redhat 3scale api management/2.0