{"containers": {"cna": {"affected": [{"product": "Red Hat OpenShift API Management.", "vendor": "n/a", "versions": [{"status": "affected", "version": "Affects v2.9.1 GA."}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 - Improper Input Validation -> CWE-134 - Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T14:44:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-3442"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.603Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-3442"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3442", "datePublished": "2022-08-22T14:44:00", "dateReserved": "2021-03-15T00:00:00", "dateUpdated": "2024-08-03T16:53:17.603Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_api_management:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF704488-3B6C-4FB2-B73D-A48C3F6EDB05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality."}, {"lang": "es", "value": "Se ha encontrado un fallo en el producto Red Hat OpenShift API Management. Las entradas del usuario no son comprobadas, lo que permite a un usuario autenticado inyectar scripts en algunos cuadros de texto, conllevando a un ataque de tipo XSS. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos."}], "id": "CVE-2021-3442", "lastModified": "2023-11-07T03:38:00.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T15:15:13.303", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3442"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Or Asaf (Red Hat Product Security) and Siddharth Sharma (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7", "package": "3scale-amp2/3scale-rhel7-operator:1.14.0-4", "product_name": "3scale API Management 2.11 on RHEL 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7", "package": "3scale-amp2/3scale-rhel7-operator-metadata:2.11.0-16", "product_name": "3scale API Management 2.11 on RHEL 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7", "package": "3scale-amp2/apicast-rhel7-operator:1.14.0-3", "product_name": "3scale API Management 2.11 on RHEL 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7", "package": "3scale-amp2/apicast-rhel7-operator-metadata:2.11.0-9", "product_name": "3scale API Management 2.11 on RHEL 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7", "package": "3scale-amp2/memcached-rhel7:1.4.16-38", "product_name": "3scale API Management 2.11 on RHEL 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7", "package": "3scale-amp2/system-rhel7:1.15.0-8", "product_name": "3scale API Management 2.11 on RHEL 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el8", "package": "3scale-amp2/apicast-gateway-rhel8:1.20.0-6", "product_name": "3scale API Management 2.11 on RHEL 8", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el8", "package": "3scale-amp2/backend-rhel8:1.14.0-3", "product_name": "3scale API Management 2.11 on RHEL 8", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el8", "package": "3scale-amp2/toolbox-rhel8:1.6.0-7", "product_name": "3scale API Management 2.11 on RHEL 8", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3851", "cpe": "cpe:/a:redhat:3scale_amp:2.11::el8", "package": "3scale-amp2/zync-rhel8:1.14.0-3", "product_name": "3scale API Management 2.11 on RHEL 8", "release_date": "2021-10-14T00:00:00Z"}], "bugzilla": {"description": "RHOAM: XSS in 3scale at various places", "id": "1930083", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "status": "verified"}, "cwe": "CWE-20->CWE-134", "details": ["A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality.", "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality."], "name": "CVE-2021-3442", "public_date": "2021-07-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3442\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3442"], "threat_severity": "Important"}