Filtered by vendor Redhat Subscriptions
Filtered by product 3scale Api Management Platform Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 364 Http Server, Opensearch Data Prepper, Apisix and 361 more 2024-12-20 7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2024-9671 1 Redhat 2 3scale Api Management Platform, Red Hat 3scale Amp 2024-12-04 5.3 Medium
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
CVE-2017-7512 1 Redhat 2 3scale Amp, 3scale Api Management Platform 2024-11-21 N/A
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.