CVE-2021-3814 — Vulnetix

CVE-2021-3814 PUBLISHED CVSS 7.5 HIGH

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

EPSS 0.26% · 50.0th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.26%

50.0th percentile

Affected Products

Vendor	Product	Versions
redhat	3scale	0
n/a	3scale	3scale 2.11

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=2004322 (circl)

Timeline

Mar 25, 2022 CVE Published
Mar 26, 2022 EPSS Score
May 16, 2022 EPSS Score
Jul 6, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 16, 2022 EPSS Score
Dec 6, 2022 EPSS Score
Jan 26, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 18, 2023 EPSS Score
May 8, 2023 EPSS Score
Jun 28, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=2004322 url
https://nvd.nist.gov/vuln/detail/CVE-2021-3814 advisory

Open in Interactive Console →