A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NRed Hat 3scale
APPRedhat2.10.0< 2.10.0Red Hat 3scale Api Management
APPRedhat2.0
Related vulnerabilities
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to in...
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticat...
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a ...
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses s...
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processi...