CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1928301 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*

History

10 Jun 2021, 15:40

Type Values Removed Values Added
CWE CWE-307
CPE cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.3
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1928301 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1928301 - Issue Tracking, Vendor Advisory

01 Jun 2021, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-01 14:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-3412

Mitre link : CVE-2021-3412

CVE.ORG link : CVE-2021-3412


JSON object : View

Products Affected

redhat

  • 3scale
  • 3scale_api_management
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts