3Scale Api Management
CVE-2022-1414
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
AnalysisAI
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1173. 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. Affected products include: Redhat 3Scale Api Management.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in 3Scale Api Management
View allA random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may r
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scr
A flaw was found in Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticati
It was found that all versions of 3Scale developer portal lacked brute force protections. Rated high severity (CVSS 7.3)
A flaw was found in Red Hat 3scale API Management Platform 2. Rated medium severity (CVSS 6.5), this vulnerability is re
A flaw was found In 3Scale Admin Portal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Same weakness CWE-1173 – Improper Use of Validation Framework
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today