It was found that RH-3scale would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs.
Name: Ryan Nauman (TruCode)
This issue has been addressed in the following products:
3scale AMP 2.0
Via RHSA-2017:1712 https://access.redhat.com/errata/RHSA-2017:1712