CVE-2021-20252: Input Validation
First published: Fri Feb 12 2021(Updated: )
It was found that 3scale backend does not perform preventive handling on user-requested date ranges in certain queries. A malicious authenticated user could submit a request with a sufficiently large date range eventually yielding an internal server error, resulting in denial of service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat 3scale Api Management | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this flaw in Red Hat 3scale API Management Platform 2?
The vulnerability ID of this flaw in Red Hat 3scale API Management Platform 2 is CVE-2021-20252.
What is the severity rating of CVE-2021-20252?
CVE-2021-20252 has a severity rating of 6.5 (Medium).
What is the affected software for CVE-2021-20252?
The affected software for CVE-2021-20252 is Red Hat 3scale API Management Platform version 2.0.
How does the vulnerability in Red Hat 3scale API Management Platform 2 occur?
The vulnerability in Red Hat 3scale API Management Platform 2 occurs due to a lack of preventive handling on user-requested date ranges in certain queries.
Is CVE-2021-20252 exploitable by an authenticated user?
Yes, CVE-2021-20252 can be exploited by a malicious authenticated user.
- collector/redhat-bugzilla
- alias/CVE-2021-20252
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/tags
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/redhat
- canonical/redhat 3scale api management
- version/redhat 3scale api management/2.0