{
  "threat_severity" : "Important",
  "public_date" : "2021-07-08T00:00:00Z",
  "bugzilla" : {
    "description" : "RHOAM: XSS in 3scale at various places",
    "id" : "1930083",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1930083"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-20->CWE-134",
  "details" : [ "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated, allowing an authenticated user to inject scripts into some text boxes, leading to a cross-site scripting (XSS) attack. The highest threat from this vulnerability is to data confidentiality.", "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated, allowing an authenticated user to inject scripts into some text boxes, leading to a cross-site scripting (XSS) attack. The highest threat from this vulnerability is to data confidentiality." ],
  "acknowledgement" : "This issue was discovered by Or Asaf (Red Hat Product Security) and Siddharth Sharma (Red Hat Product Security).",
  "affected_release" : [ {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/3scale-rhel7-operator:1.14.0-4"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/3scale-rhel7-operator-metadata:2.11.0-16"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/apicast-rhel7-operator:1.14.0-3"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/apicast-rhel7-operator-metadata:2.11.0-9"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/memcached-rhel7:1.4.16-38"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/system-rhel7:1.15.0-8"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/apicast-gateway-rhel8:1.20.0-6"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/backend-rhel8:1.14.0-3"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/toolbox-rhel8:1.6.0-7"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/zync-rhel8:1.14.0-3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3442\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3442" ],
  "name" : "CVE-2021-3442",
  "csaw" : false
}