PT-2021-9724 · Red Hat · Red Hat 3Scale Api Management Platform

Published

2021-06-02

Updated

2022-07-25

CVE-2020-14388

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Red Hat 3scale API Management Platform (affected versions not specified)

Description A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2020-14388

Affected Products

Red Hat 3Scale Api Management Platform

PT-2021-9724 · Red Hat · Red Hat 3Scale Api Management Platform

CVE-2020-14388

Weakness Enumeration

Related Identifiers

Affected Products

References · 4