CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls and access privileged information, or possibly conduct further attacks.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1928301 Issue Tracking Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:21

Type: References
Values Removed: () https://bugzilla.redhat.com/show_bug.cgi?id=1928301 - Issue Tracking, Vendor Advisory
Values Added: () https://bugzilla.redhat.com/show_bug.cgi?id=1928301 - Issue Tracking, Vendor Advisory

Information

Published : 2021-06-01 14:15

Updated : 2024-11-21 06:21


NVD link : CVE-2021-3412

Mitre link : CVE-2021-3412

CVE.ORG link : CVE-2021-3412



Products Affected

redhat

  • 3scale
  • 3scale_api_management
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts