CVE-2020-14388
MEDIUM
Red Hat 3scale API Management Platform - Authenticated Improper Access Control
Title source: llm
Description
A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1875553
Scores
CVSS v3
6.3
EPSS
0.0018
EPSS Percentile
39.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-284
Status
published
Products (1)
redhat/3scale_api_management
2.0
Published
Jun 02, 2021
Tracked Since
Feb 18, 2026