CVE-2021-3412

CWE-307 | 4 documents | 4 sources
Severity: 7.3 HIGH
EPSS: 0.2% (top 64.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1 | Latest update May 24

Description

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls and access privileged information, or possibly conduct further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5 | 3scale | all versions

🔴 Vulnerability Details (2)

GHSA | GHSA-jh24-r4rp-jw9m: It was found that all versions of 3Scale developer portal lacked brute force protections | 2022-05-24
CVEList | CVE-2021-3412: It was found that all versions of 3Scale developer portal lacked brute force protections | 2021-06-01

📋 Vendor Advisories (1)

Red Hat | 3scale: lack of brute force protection on dev portal login | 2021-02-12
CVE-2021-3412 (HIGH CVSS 7.3) | It was found that all versions of 3 | cvebase.io