CVE-2021-3523

EPSS 0.16%
Published 27.04.2022 21:15:08
Last modified 21.11.2024 06:21:45
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Apicast Version < 2.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.379

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://bugzilla.redhat.com/show_bug.cgi?id=1954805

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-3523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3523

EUVD