cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10295,https://securityvulnerability.io/vulnerability/CVE-2024-10295,Unauthorized Access via Malformed Basic Authentication in APICast,"A vulnerability exists in Red Hat's Gateway impacting its ability to authenticate requests correctly. When a non-base64 encoded basic authentication header contains special characters, the APICast service fails to carry out the necessary authentication checks due to an oversight in the base64 decoding process. This flaw enables unauthorized users to access backend systems by circumventing standard authentication mechanisms, exposing critical resources to potential threats.",Red Hat,Red Hat 3scale Api Management Platform 2,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-10-24T17:55:10.314Z,0
CVE-2024-9671,https://securityvulnerability.io/vulnerability/CVE-2024-9671,System: pdf invoices of the developer users can be seen if the url is known,"A significant vulnerability exists in 3Scale that permits unauthorized access to PDF invoices of Developer users when the specific URL is known. This flaw arises from the absence of an authentication mechanism, allowing any person aware of or capable of guessing the invoice URL to gain access to sensitive billing information. Protecting this data is critical, as the exposure can lead to significant privacy concerns for affected users.",Red Hat,Red Hat 3scale Api Management Platform 2,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-10-09T15:15:00.000Z,0
CVE-2024-0560,https://securityvulnerability.io/vulnerability/CVE-2024-0560,Vulnerability in 3Scale and Keycloak 15 (or RHSSO 7.5.0) Allows for Unauthorized Access to Tokens,"A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors.
When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.",Red Hat,"Upstream,Red Hat 3scale Api Management Platform 2",,,0.00044999999227002263,false,false,false,false,,false,false,2024-02-28T16:37:01.247Z,0
CVE-2023-4910,https://securityvulnerability.io/vulnerability/CVE-2023-4910,3scale-admin-portal: logged out users tokens can be accessed,"A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.",Red Hat,"upstream,Red Hat 3scale API Management Platform 2",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-11-06T13:15:00.000Z,0
CVE-2023-5349,https://securityvulnerability.io/vulnerability/CVE-2023-5349,Draw while calling getdrawinfo(),"A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.",Red Hat,"Rmagick,Red Hat 3scale Api Management Platform 2,Fedora",5.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-10-30T21:15:00.000Z,0
CVE-2023-0456,https://securityvulnerability.io/vulnerability/CVE-2023-0456,Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check,"A flaw in the APICast OIDC module fails to properly handle responses from mismatched tokens originating from different realms. This oversight can potentially allow attackers to gain unauthorized access to sensitive information, as it might open doors to realms that should remain secure.
Timely patching and updates are essential to safeguard against such vulnerabilities.",Red Hat,"Apicast,Red Hat 3scale Api Management Platform 2",7.4,HIGH,0.00215999991632998,false,false,false,false,,false,false,2023-09-27T15:16:00.000Z,0