PT-2021-13858 · Red Hat · Red Hat 3scale API Management Platform 2
Chess Hazlett · Published 2021-02-23 · Updated 2021-02-27 · CVE-2021-20252
| CVSS v2.0 | Severity | Vector |
| --- | --- | --- |
| 6.8 | Medium | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Red Hat 3scale API Management Platform 2
Description:
A flaw was found in the 3scale backend, which does not perform preventive handling on user-requested date ranges in certain queries. This allows a malicious authenticated user to submit a request with a sufficiently large date range, eventually yielding an internal server error and resulting in denial of service. The highest threat from this issue is to system availability.
Recommendations:
For Red Hat 3scale API Management Platform 2, validate user-requested date ranges before they reach the affected queries (reject malformed or inverted ranges and cap the span a single request may cover), so that an authenticated user cannot submit a range large enough to drive the backend into an internal server error. As a temporary workaround, restrict the size of date ranges that users are allowed to submit to minimize the risk of denial of service.
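The following is an added example of the kind of preventive handling the recommendation describes; it is not code from 3scale or Red Hat. It assumes a request handler that receives `from`/`to` query parameters as ISO 8601 dates, and uses an assumed 90-day cap (`MAX_RANGE_DAYS`) that would need to be tuned to the real cost of the underlying query. Malformed, inverted or oversized ranges are rejected with an HTTP 400 at the request edge rather than being passed on to the query that would otherwise fail with a 500.

```ruby
require "date"

# Added example (not 3scale's own code): bound a user-supplied date range
# before it is handed to a query, so an oversized range is rejected up front
# instead of exhausting the backend.
MAX_RANGE_DAYS = 90 # assumed limit; tune to the query's actual cost profile

class DateRangeError < ArgumentError; end

# Returns [from, to] as Date objects, or raises DateRangeError.
def validate_date_range(from_param, to_param, max_days: MAX_RANGE_DAYS)
  raise DateRangeError, "missing date parameter" if from_param.nil? || to_param.nil?

  begin
    from = Date.iso8601(from_param.to_s)
    to   = Date.iso8601(to_param.to_s)
  rescue ArgumentError # Date.iso8601 raises ArgumentError (Date::Error) on bad input
    raise DateRangeError, "dates must be ISO 8601 (YYYY-MM-DD)"
  end

  raise DateRangeError, "end date precedes start date" if to < from

  span = (to - from).to_i + 1 # inclusive number of days covered
  if span > max_days
    raise DateRangeError, "range of #{span} days exceeds the #{max_days}-day limit"
  end

  [from, to]
end

# Models the request edge: a valid range yields the query parameters, an
# invalid one yields a 400 response instead of an eventual internal error.
def handle_range_request(params)
  from, to = validate_date_range(params["from"], params["to"])
  { status: 200, from: from.iso8601, to: to.iso8601 }
rescue DateRangeError => e
  { status: 400, error: e.message }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests for illustration.
  p handle_range_request("from" => "2021-02-01", "to" => "2021-02-28") # accepted
  p handle_range_request("from" => "1970-01-01", "to" => "2021-02-28") # too wide
  p handle_range_request("from" => "2021-02-28", "to" => "2021-02-01") # inverted
  p handle_range_request("from" => "not-a-date", "to" => "2021-02-01") # malformed
end
```

The check is deliberately placed before any query is built: a cap on the span, rather than on the raw string length, is what prevents a short but wide request (a start date decades in the past) from turning into an expensive query.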
Affected Products
Red Hat 3scale API Management Platform 2