Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
3scale api management vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-3412
It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.
Redhat 3scale Api Management 2.0
Redhat 3scale
5.5
CVSSv2
CVE-2020-25634
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an malicious user to view sensitive information or modify service APIs. Versions prior to 3scale-2.10.0-ER1 are affected.
Redhat 3scale Api Management 2.0
Redhat 3scale
Redhat 3scale 2.10.0
NA
CVE-2023-4910
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
Redhat 3scale Api Management 2.0
5
CVSSv2
CVE-2019-14852
A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vul...
Redhat 3scale Api Management 2.0
6.5
CVSSv2
CVE-2020-14388
A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permissi...
Redhat 3scale Api Management 2.0
6.8
CVSSv2
CVE-2021-20252
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yi...
Redhat 3scale Api Management 2.0
NA
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
Redhat 3scale Api Management 2.0
6.8
CVSSv2
CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and acce...
Artifex Ghostscript
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Eus 7.7
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat 3scale Api Management 2.6
1 Github repository
5
CVSSv2
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
Mozilla Network Security Services 3.25.0
Mozilla Network Security Services 3.29.1
Mozilla Network Security Services 3.29.0
Mozilla Network Security Services 3.30.0
Mozilla Network Security Services 3.29.2
Mozilla Network Security Services 3.25.1
Mozilla Network Security Services 3.28.1
Mozilla Network Security Services 3.26.2
Mozilla Network Security Services 3.30.1
Mozilla Network Security Services 3.24.0
Mozilla Network Security Services 3.27.0
Mozilla Network Security Services 3.29.3
Mozilla Network Security Services 3.28.0
Mozilla Network Security Services 3.27.2
Mozilla Network Security Services 3.28.3
Mozilla Network Security Services 3.28.2
Mozilla Network Security Services 3.27.1
Mozilla Network Security Services 3.26.0
6.9
CVSSv2
CVE-2021-3609
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege e...
Linux Linux Kernel
Redhat Virtualization Host 4.0
Redhat Virtualization 4.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Aus 8.2
Redhat Openshift Container Platform 4.6
Redhat 3scale Api Management 2.0
Redhat Openshift Container Platform 4.7
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux For Real Time For Nfv Tus 8.2
Redhat Enterprise Linux For Real Time Tus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1
Redhat Enterprise Linux For Power Little Endian Eus 8.2
Redhat Enterprise Linux For Power Little Endian Eus 8.1
Redhat Enterprise Linux For Ibm Z Systems Eus 8.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »