It was found that member permissions for an API's admin portal in 3scale were not properly enforced. An authenticated user could use this flaw to bypass normal account restrictions and access API services they do not have permissions for.