{
  "threat_severity" : "Moderate",
  "public_date" : "2020-05-18T00:00:00Z",
  "bugzilla" : {
    "description" : "3scale: dev portal missing protection against login CSRF",
    "id" : "1750928",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1750928"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-352",
  "details" : [ "A vulnerability was found in the 3scale dev portal: it does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.", "It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks." ],
  "affected_release" : [ {
    "product_name" : "3scale API Management 2.10 on RHEL 7",
    "release_date" : "2021-04-08T00:00:00Z",
    "advisory" : "RHSA-2021:1129",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.10::el7",
    "package" : "3scale-amp2/3scale-rhel7-operator:1.13.0-17"
  }, {
    "product_name" : "3scale API Management 2.10 on RHEL 7",
    "release_date" : "2021-04-08T00:00:00Z",
    "advisory" : "RHSA-2021:1129",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.10::el7",
    "package" : "3scale-amp2/3scale-rhel7-operator-metadata:2.10.0-38"
  }, {
    "product_name" : "3scale API Management 2.10 on RHEL 7",
    "release_date" : "2021-04-08T00:00:00Z",
    "advisory" : "RHSA-2021:1129",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.10::el7",
    "package" : "3scale-amp2/apicast-rhel7-operator:1.13.0-4"
  }, {
    "product_name" : "3scale API Management 2.10 on RHEL 7",
    "release_date" : "2021-04-08T00:00:00Z",
    "advisory" : "RHSA-2021:1129",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.10::el7",
    "package" : "3scale-amp2/apicast-rhel7-operator-metadata:2.10.0-9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14836\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14836" ],
  "name" : "CVE-2019-14836",
  "csaw" : false
}