CVE-2022-1414: Input Validation
First published: Tue Apr 19 2022(Updated: )
3scale does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat 3scale Api Management | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1414?
CVE-2022-1414 is a vulnerability in 3scale API Management 2 that allows an authenticated user to inject scripts and potentially gain access to sensitive information or conduct further attacks.
How severe is CVE-2022-1414?
CVE-2022-1414 has a severity rating of 8.8, which is considered high.
What software is affected by CVE-2022-1414?
3scale API Management 2 version 2.0 is affected by CVE-2022-1414.
How can an authenticated user exploit CVE-2022-1414?
An authenticated user can exploit CVE-2022-1414 by injecting scripts in multiple fields and potentially gaining access to sensitive information or conducting further attacks.
Are there any references for CVE-2022-1414?
Yes, you can find more information about CVE-2022-1414 on Red Hat's Bugzilla page and the Red Hat Security Advisory.
- collector/redhat-bugzilla
- alias/CVE-2022-1414
- collector/nvd-index
- vendor/redhat
- canonical/redhat 3scale api management
- version/redhat 3scale api management/2.0