CVE-2022-1414

Severity: 8.8 HIGH
EPSS: 0.5% (top 33.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 19

Description

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | 3scale-amp-system | 3scale-amp-system as shipped in 3scale-AMP 2

Vulnerability Details (2)

GHSA: GHSA-c7ff-fqm5-qq8j: 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields (2022-10-19)
CVEList: CVE-2022-1414: 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields (2022-10-19)

Vendor Advisories (1)

Red Hat: 3scale-system: script injection in multiple endpoints (2022-04-19)