What the vulnerability does

01Description

A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.

Key dates

02Disclosure timeline

March 18, 2021 CVE published
August 5, 2024 Record updated