Redhat: >> 3scale Api Management Platform >> 2.0 Security Vulnerabilities
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-10-09
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Known exploited
CVSS Score
7.5
EPSS Score
0.944
Published
2023-10-10