CVE-2022-1414

High

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw…

redhat·CWE-1173·Published 2022-10-19

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

233 chars

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

NVDen

233 chars

NVDes

267 chars

3scale API Management versión 2 no lleva a cabo un saneo apropiado de las entradas del usuario en múltiples campos. Un usuario autenticado podría usar este fallo para inyectar scripts y posiblemente conseguir acceso a información confidencial o conducir otros ataques

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H