{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-12125", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-12-03T23:56:18.327Z", "datePublished": "2025-11-06T21:50:40.704Z", "dateUpdated": "2025-11-14T18:11:52.501Z"}, "containers": {"cna": {"title": "3scale-porta: readonly fields not validated server-side", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat 3scale API Management Platform 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "3scale-porta", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-12125", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330214", "name": "RHBZ#2330214", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-11-03T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-281", "description": "Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-281: Improper Preservation of Permissions", "workarounds": [{"lang": "en", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}], "timeline": [{"lang": "en", "time": "2024-06-29T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-11-03T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-14T18:11:52.501Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-07T15:14:24.893339Z", "id": "CVE-2024-12125", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T15:14:34.402Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-07T15:14:24.893339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T15:14:31.603Z"}}], "cna": {"title": "3scale-porta: readonly fields not validated server-side", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"], "vendor": "Red Hat", "product": "Red Hat 3scale API Management Platform 2", "packageName": "3scale-porta", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-06-29T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-11-03T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-11-03T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-12125", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330214", "name": "RHBZ#2330214", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-281", "description": "Improper Preservation of Permissions"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-14T18:11:52.501Z"}, "x_redhatCweChain": "CWE-281: Improper Preservation of Permissions"}}, "cveMetadata": {"cveId": "CVE-2024-12125", "state": "PUBLISHED", "dateUpdated": "2025-11-14T18:11:52.501Z", "dateReserved": "2024-12-03T23:56:18.327Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-11-06T21:50:40.704Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information."}], "id": "CVE-2024-12125", "lastModified": "2025-11-14T13:15:43.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-11-06T22:15:37.110", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/security/cve/CVE-2024-12125"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330214"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "3scale-porta: Readonly fields not validated server-side", "id": "2330214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330214"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-281", "details": ["A flaw was found in the 3scale developer portal. This issue can allow account creation or updates passed through hidden or read-only fields, the contents of which may be altered. This flaw allows an attacker to access or modify restricted information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-12125", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-porta", "product_name": "Red Hat 3scale API Management Platform 2"}], "public_date": "2025-11-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12125\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12125"], "threat_severity": "Moderate"}