CVE-2021-20252

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability.

Published: Feb 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20252
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
redhat / 3scale_api_management	2.0	2.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=1928302

Vulnerability Database

289,697

CVE-2021-20252