Vulnerability Details CVE-2024-9671
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.1%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-9671
-
cpe:2.3:a:redhat:3scale_api_management_platform:2.0