First published: Thu Oct 03 2019
It was found that 3scale's APIcast gateway enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. TLS 1.2 or stronger should be used; TLS 1.0 should be avoided, and TLS 1.1 is slated for deprecation by various industry entities in early 2020.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat 3scale API Management | =2.0 | |
CVE-2019-14852 is a vulnerability in 3scale’s APIcast gateway: the gateway enables the TLS 1.0 protocol, which an attacker can exploit to break encryption and gain unauthorized access to information.
CVE-2019-14852 has a severity level of high, with a CVSS score of 7.5.
The Red Hat 3scale API Management Platform version 2.0 is affected by CVE-2019-14852.
An attacker can exploit CVE-2019-14852 by targeting traffic that uses the weak TLS 1.0 protocol and breaking its encryption to gain unauthorized access to information.
Yes, a patch or update provided by Red Hat is available to fix CVE-2019-14852. It is recommended to apply the patch as soon as possible.
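To confirm from captured traffic whether an endpoint still settles on a protocol below the TLS 1.2 floor recommended above, the following added example (not code from this advisory, Red Hat or 3scale) reads the negotiated version out of a raw ServerHello record. The function names are hypothetical, the sample records are constructed rather than captured, and the input is assumed to be one TLS record holding a complete ServerHello.

```python
import struct

MIN_ACCEPTABLE = 0x0303                      # TLS 1.2, the floor the advisory recommends
TLS13_EXT = bytes.fromhex("002b00020304")    # constructed supported_versions extension (TLS 1.3)


def negotiated_version(record: bytes) -> int:
    """Return the wire version (0x0301 = TLS 1.0 ... 0x0304 = TLS 1.3) a ServerHello selects."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _legacy, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or rlen < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        version = struct.unpack_from("!H", hello, 0)[0]
        # Skip legacy_version(2) + random(32) + session_id + cipher suite(2) + compression(1).
        pos = 34 + 1 + hello[34] + 3
        if pos > len(hello):
            raise ValueError("malformed ServerHello")
        if pos == len(hello):                # no extensions, so this is a pre-TLS 1.3 hello
            return version
        ext_end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= min(ext_end, len(hello)):
            etype, elen = struct.unpack_from("!HH", hello, pos)
            if etype == 0x002B and elen == 2:    # supported_versions carries the real TLS 1.3 version
                return struct.unpack_from("!H", hello, pos + 4)[0]
            pos += 4 + elen
    except (struct.error, IndexError):
        raise ValueError("malformed ServerHello") from None
    return version


def is_weak(record: bytes) -> bool:
    return negotiated_version(record) < MIN_ACCEPTABLE   # TLS 1.0 and 1.1 both fall below the floor


def sample_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record for the demo (sample data, not a capture)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    hello += struct.pack("!H", len(extensions)) + extensions if extensions else b""
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake


if __name__ == "__main__":
    for rec in (sample_server_hello(0x0301), sample_server_hello(0x0303, TLS13_EXT)):
        print(hex(negotiated_version(rec)), "WEAK" if is_weak(rec) else "ok")
```

A TLS 1.3 server reports 0x0303 in the legacy version field, so the parser has to consult the `supported_versions` extension to avoid misclassifying it.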