CVE-2022-1414

EPSS 0.32%
Veröffentlicht 19.10.2022 18:15:11
Zuletzt bearbeitet 09.05.2025 15:15:49
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ 3scale Api Management Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.543

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1173 Improper Use of Validation Framework

The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/security/cve/CVE-2022-1414

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2076794

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-1414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1414

EUVD