CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*

History

21 Oct 2022, 16:59

Type Values Removed Values Added
CWE CWE-1173 CWE-20
CPE cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://access.redhat.com/security/cve/CVE-2022-1414 - (MISC) https://access.redhat.com/security/cve/CVE-2022-1414 - Vendor Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2076794 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2076794 - Issue Tracking, Vendor Advisory

19 Oct 2022, 18:24

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-19 18:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-1414

Mitre link : CVE-2022-1414

CVE.ORG link : CVE-2022-1414


JSON object : View

Products Affected

redhat

  • 3scale_api_management
CWE
CWE-20

Improper Input Validation

CWE-1173

Improper Use of Validation Framework