CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2022-1414	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2076794	Issue Tracking Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-1414	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2076794	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:40

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2022-1414 - Vendor Advisory~~	() https://access.redhat.com/security/cve/CVE-2022-1414 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2076794 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2076794 - Issue Tracking, Vendor Advisory

Information

Published : 2022-10-19 18:15

Updated : 2024-11-21 06:40

NVD link : CVE-2022-1414

Mitre link : CVE-2022-1414

CVE.ORG link : CVE-2022-1414

JSON object : View

Products Affected

redhat

3scale_api_management

CWE

CWE-1173

Improper Use of Validation Framework

CWE-20

Improper Input Validation

{"id": "CVE-2022-1414", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-10-19T18:15:11.707", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-1414", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-1414", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-1173"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks."}, {"lang": "es", "value": "3scale API Management versi\u00f3n 2 no lleva a cabo un saneo apropiado de las entradas del usuario en m\u00faltiples campos. Un usuario autenticado podr\u00eda usar este fallo para inyectar scripts y posiblemente conseguir acceso a informaci\u00f3n confidencial o conducir otros ataques"}], "lastModified": "2024-11-21T06:40:41.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5434CC8-66E0-4378-AAB3-B2FECDDE61BB"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}