← back
CVE-2021-20252

CVE-2021-20252

EPSS 1.0%CWE-20
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability.
Affected products
n/a · 3scale/backend