CVE-2017-7512
moderate-risk
Published 2017-07-07
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.
Do I need to act?
-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Vendor Advisory
https://access.redhat.com/security/cve/cve-2017-7512
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1457997
Vendor Advisory
https://access.redhat.com/security/cve/cve-2017-7512
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1457997
39
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal