Lucene search

[email protected]NVD:CVE-2019-14852

HistoryMar 18, 2021 - 8:15 p.m.

CVE-2019-14852

2021-03-1820:15:12

CWE-327

[email protected]

web.nvd.nist.gov

3scale

apicast

tls 1.0

red hat

vulnerability

encryption

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

43.6%

JSON

A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.

Affected configurations

Nvd

Node

redhat3scale_api_managementMatch2.0

VendorProductVersionCPE
redhat3scale_api_management2.0cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	3scale_api_management	2.0	cpe:2.3:a:redhat:3scale_api_management:2.0:::::::*

References

bugzilla.redhat.com/show_bug.cgi?id=1758208

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

43.6%

JSON

Related for NVD:CVE-2019-14852

cve1 redhatcve1 prion1 cvelist1