CVE-2021-3523

EPSS 0.16%
Veröffentlicht 27.04.2022 21:15:08
Zuletzt bearbeitet 21.11.2024 06:21:45
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Apicast Version < 2.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.379

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://bugzilla.redhat.com/show_bug.cgi?id=1954805

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-3523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3523

EUVD