3Scale Api Management
CVE-2023-4910
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
AnalysisAI
A flaw was found In 3Scale Admin Portal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Resource to Wrong Sphere (CWE-668), which allows attackers to access resources from an unintended security context. A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. Affected products include: Redhat 3Scale Api Management.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement proper access controls, validate resource access permissions, use security boundaries.
More in 3Scale Api Management
View all3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. Rated high severity (CVS
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may r
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scr
A flaw was found in Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticati
It was found that all versions of 3Scale developer portal lacked brute force protections. Rated high severity (CVSS 7.3)
A flaw was found in Red Hat 3scale API Management Platform 2. Rated medium severity (CVSS 6.5), this vulnerability is re
Same weakness CWE-668 – Exposure of Resource to Wrong Sphere
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today