CVE-2021-20252: Input Validation
First published: Fri Feb 12 2021(Updated: )
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat 3scale Api Management | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this flaw in Red Hat 3scale API Management Platform 2?
The vulnerability ID of this flaw in Red Hat 3scale API Management Platform 2 is CVE-2021-20252.
What is the severity rating of CVE-2021-20252?
CVE-2021-20252 has a severity rating of 6.5 (Medium).
What is the affected software for CVE-2021-20252?
The affected software for CVE-2021-20252 is Red Hat 3scale API Management Platform version 2.0.
How does the vulnerability in Red Hat 3scale API Management Platform 2 occur?
The vulnerability in Red Hat 3scale API Management Platform 2 occurs due to a lack of preventive handling on user-requested date ranges in certain queries.
Is CVE-2021-20252 exploitable by an authenticated user?
Yes, CVE-2021-20252 can be exploited by a malicious authenticated user.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20252
- vendor/redhat
- canonical/redhat 3scale api management
- version/redhat 3scale api management/2.0