Vulnerability Details : CVE-2021-3412

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.

Published 2021-06-01 14:15:10

Updated 2022-06-03 17:24:27

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-3412

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 33 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-3412

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	3.9	3.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2021-3412

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
Assigned by:
- [email protected] (Secondary)
- [email protected] (Primary)

References for CVE-2021-3412

https://bugzilla.redhat.com/show_bug.cgi?id=1928301

Issue Tracking;Vendor Advisory

Products affected by CVE-2021-3412

Redhat » 3scale Api Management » Version: 2.0
cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*
Matching versions
Redhat » 3scale
cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
Matching versions