{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T19:19:55.015","vulnerabilities":[{"cve":{"id":"CVE-2024-10295","sourceIdentifier":"secalert@redhat.com","published":"2024-10-24T18:15:05.597","lastModified":"2025-06-18T18:23:58.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream."},{"lang":"es","value":"Se encontró una falla en Gateway. El envío de una autenticación \"básica\" que no sea base64 con caracteres especiales puede provocar que APICast autentique incorrectamente una solicitud. Un encabezado de autenticación básica mal formado que contenga caracteres especiales omite la autenticación y permite el acceso no autorizado al backend. Este problema puede ocurrir debido a una falla en el proceso de decodificación base64, que hace que APICast omita el resto de las comprobaciones de autenticación y proceda a enrutar la solicitud en sentido ascendente."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*","matchCriteriaId":"C5434CC8-66E0-4378-AAB3-B2FECDDE61BB"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-10295","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321258","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}