CVE-2022-1414
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | 3scale-amp-system | 3scale-amp-system as shipped in 3scale-AMP 2 | affected |
Weaknesses
- CWE-1173: CWE-1173
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2076794
- https://access.redhat.com/security/cve/CVE-2022-1414
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2076794
- https://access.redhat.com/security/cve/CVE-2022-1414
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.