CVE-2022-1414

EPSS 0.32%
Published 19.10.2022 18:15:11
Last modified 09.05.2025 15:15:49
Source secalert@redhat.com
Teams watchlist Login
Open Login

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ 3scale Api Management Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.543

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1173 Improper Use of Validation Framework

The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/security/cve/CVE-2022-1414

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2076794

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-1414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1414

EUVD