{"containers": {"cna": {"affected": [{"product": "Red Hat 3scale API Management", "vendor": "n/a", "versions": [{"status": "affected", "version": "Red Hat 3scale API Management 2.10.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-02T10:33:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:26:39.122Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14836", "datePublished": "2021-05-26T11:18:13", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.122Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:3scale:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "418A623D-DA87-4380-BDB1-90131C695CF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en el portal de desarrollo de 3scale que no emplea mecanismos de protecci\u00f3n contra el CSRF de inicio de sesi\u00f3n. Un atacante podr\u00eda utilizar este fallo para acceder a informaci\u00f3n no autorizada o realizar otros ataques"}], "id": "CVE-2019-14836", "lastModified": "2024-11-21T04:27:28.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-26T12:15:10.737", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "package": "3scale-amp2/3scale-rhel7-operator:1.13.0-17", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "package": "3scale-amp2/3scale-rhel7-operator-metadata:2.10.0-38", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "package": "3scale-amp2/apicast-rhel7-operator:1.13.0-4", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "package": "3scale-amp2/apicast-rhel7-operator-metadata:2.10.0-9", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}], "bugzilla": {"description": "3scale: dev portal missing protection against login CSRF", "id": "1750928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750928"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.", "It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks."], "name": "CVE-2019-14836", "public_date": "2020-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-14836\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14836"], "threat_severity": "Moderate"}