ID CVE-2020-14388
Summary A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 25-07-2022 - 11:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
Last major update 25-07-2022 - 11:42
Published 02-06-2021 - 13:15
Last modified 25-07-2022 - 11:42