CVE-2019-14852

CWE-327 — Broken Cryptographic Algorithm5 documents5 sources

Severity

7.5HIGH

EPSS

0.1%

top 78.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat 3scale API Management

Timeline

PublishedMar 18

Latest updateMay 24

Description

A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/3scale_api_management2.0

▶CVEListV5apicastAs shipped with Red Hat 3scale API Management Platform

🔴Vulnerability Details

GHSA

GHSA-hpq5-x75j-q4f2: A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1↗2022-05-24

▶

CVEList

CVE-2019-14852: A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1↗2021-03-18

▶

📋Vendor Advisories

Red Hat

apicast: deprecated protocol TLS 1.0 enabled in gateway↗2021-03-17

▶

💬Community

Bugzilla

CVE-2019-14852 apicast: deprecated protocol TLS 1.0 enabled in gateway↗2019-10-03

▶