CVE Identifier: CVE-2024-12125
Severity: Moderate
CVSS v3 Score: 5.4

Description:
- A flaw was found in the 3scale developer portal. During account creation or updates, values passed through hidden or read-only fields may be altered by the submitter, and these fields are not validated server-side. This flaw allows an attacker to access or modify restricted information.

Mitigation:
- Currently, no mitigation meets the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.

Additional Information:
- Bugzilla 2330214: 3scale-porta: Readonly fields not validated server-side
- CWE-281: Improper Preservation of Permissions

Affected Packages:
- Red Hat 3scale API Management Platform 2 - 3scale-porta is affected.

CVSS v3 Score Breakdown:
- Base Score: 5.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

CWE: CWE-281 - Improper Preservation of Permissions

FAQ: Multiple questions and answers regarding the vulnerability and its impact are provided.
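
The Bugzilla title names the missing control: read-only fields were not validated server-side. The following Ruby example is added here for illustration and is neither 3scale porta code nor a Red Hat fix; it contrasts an account update that trusts submitted form fields with one that enforces field attributes on the server. The field names, `FieldDef`, and both update functions are hypothetical.

```ruby
# Added example: hypothetical field definitions for an account form.
# "read_only" and "hidden" are attributes the UI honours; the server must too.
FieldDef = Struct.new(:name, :read_only, :hidden, keyword_init: true)

FIELDS = [
  FieldDef.new(name: "org_name",       read_only: false, hidden: false),
  FieldDef.new(name: "plan_tier",      read_only: true,  hidden: false),
  FieldDef.new(name: "internal_notes", read_only: false, hidden: true)
].freeze

# Constructed sample data: stored account and a submitted form body in which
# the read-only and hidden inputs were changed before submission.
ACCOUNT   = { "org_name" => "Acme", "plan_tier" => "free", "internal_notes" => "" }.freeze
SUBMITTED = { "org_name" => "Acme Ltd", "plan_tier" => "enterprise",
              "internal_notes" => "changed" }.freeze

# Weak pattern: the read-only/hidden markers exist only in the rendered form,
# so every submitted key is merged into the record.
def update_trusting_client(account, submitted)
  account.merge(submitted)
end

# Hardened pattern: the server derives the writable set from the field
# definitions and drops everything else (read-only, hidden, or undefined).
# Returns the updated record plus the rejected keys for logging or alerting.
def update_validated(account, submitted, fields = FIELDS)
  writable = fields.reject { |f| f.read_only || f.hidden }.map(&:name)
  params   = submitted.transform_keys(&:to_s)
  rejected = params.keys - writable
  [account.merge(params.slice(*writable)), rejected]
end

if __FILE__ == $PROGRAM_NAME
  puts "trusting:  #{update_trusting_client(ACCOUNT, SUBMITTED)}"
  updated, rejected = update_validated(ACCOUNT, SUBMITTED)
  puts "validated: #{updated}"
  puts "rejected:  #{rejected}"
end
```

A non-empty rejected list on a request is also a useful detection signal, since the rendered form never submits changed values for those fields.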