CVE-2021-3523 - AskarLabs CVE Database

CVE-2021-3523

Vendor N/A

Product apicast

Weakness CWE-281

Published April 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

Key dates

02Disclosure timeline

April 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3523 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/281.html

Related vulnerabilities

04Related CVE

CVE-2025-26693 security_access_token has an improper preservation of permissions vulnerability CVE-2022-31608 CVE-2024-22114 System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission CVE-2024-22402 Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist CVE-2023-45807 OpenSearch Issue with tenant read-only permissions