CVE-2021-3814 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3814 PUBLISHED CVSS 7.5 HIGH

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

EPSS 0.26% · 49.6th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.26%

49.6th percentile

Affected Products

Vendor	Product	Versions
redhat	3scale	0
n/a	3scale	3scale 2.11

Timeline

Mar 25, 2022 CVE Published
Mar 26, 2022 EPSS Score
May 15, 2022 EPSS Score
Jul 5, 2022 EPSS Score
Aug 25, 2022 EPSS Score
Oct 14, 2022 EPSS Score
Dec 3, 2022 EPSS Score
Jan 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 14, 2023 EPSS Score
May 3, 2023 EPSS Score
Jun 22, 2023 EPSS Score

References

Open in Interactive Console →