CVE-2020-11661
Description
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An access control flaw in CA API Developer Portal 4.3.1 and earlier allows privileged users to view and edit arbitrary user data.
Vulnerability
CA API Developer Portal versions 4.3.1 and earlier contain an access control flaw that allows a privileged user to view and edit user data [1]. The vulnerability is due to insufficient authorization checks on certain administrative functions.
Exploitation
An attacker must already have a privileged account (e.g., administrator) on the portal. No additional authentication bypass is needed; the flaw lies in the lack of proper access controls for viewing and editing user data. The attacker can directly access the affected functionality.
Impact
A privileged user can view sensitive user data and modify user profiles, potentially leading to unauthorized changes to user accounts or disclosure of personal information. The risk rating is Low [1].
Mitigation
Broadcom has released a fix; customers should apply the latest security update as indicated in the advisory [1]. No workaround is mentioned. The fix addresses the access control flaw.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CA/API Developer Portal
- Range: <=4.3.1
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2020/Apr/24 (mitre, mailing-list, x_refsource_FULLDISC)
- techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html (mitre, x_refsource_MISC)