CVE-2021-3412
HIGH
3scale - Unauthenticated Brute Force Attack via Login Endpoint
Title source: llm
Description
It was found that all versions of the 3scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls and access privileged information, or possibly conduct further attacks.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1928301
Scores
CVSS v3
7.3
EPSS
0.0015
EPSS Percentile
35.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-307
Status
published
Products (2)
redhat/3scale
redhat/3scale_api_management
2.0
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026