CVE Vulnerability

CVE-2021-3523

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1954805 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:apicast:*:*:*:*:*:*:*:*
Information

Published : 2022-04-27 09:15

Updated : 2022-05-06 06:49

NVD link : CVE-2021-3523

Mitre link : CVE-2021-3523

Products Affected
No products.
CWE
CWE-281

Improper Preservation of Permissions