Description

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

INFO

Published Date :

2024-10-09T14:32:10.972Z

Last Modified :

2026-03-20T10:41:56.036Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9671 vulnerability.

Vendors Products
Redhat
  • 3scale Api Management Platform
  • Red Hat 3scale Amp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9671.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-9671 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2317449 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-9671 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-9671 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact