CVE-2024-12125

EPSS 0.04%
Veröffentlicht 06.11.2025 21:50:40
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

3scale-porta: readonly fields not validated server-side

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Hersteller3scale

≫

Produkt porta

Default Statusunaffected

Version 0

Version < 3scale-2.16.0-GA

Status affected

HerstellerRed Hat

≫

Produkt Red Hat 3scale API Management Platform 2

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.13

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://access.redhat.com/security/cve/CVE-2024-12125

https://bugzilla.redhat.com/show_bug.cgi?id=2330214

https://nvd.nist.gov/vuln/detail/CVE-2024-12125

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12125

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12125

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-12125