VYPR
Unrated severity · NVD Advisory · Published Apr 15, 2020 · Updated Aug 4, 2024

CVE-2020-11663

Description

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CA API Developer Portal 4.3.1 and earlier mishandles 404 requests, allowing open redirect attacks.

Vulnerability

CA API Developer Portal versions 4.3.1 and earlier handle HTTP 404 (Not Found) page redirects in an insecure manner. This allows an attacker to craft a URL that, when a user visits it and the portal returns a 404 error, redirects the user to an arbitrary external site.

Exploitation

An attacker can construct a specially crafted URL that triggers a 404 response in the portal. The attacker must trick a victim into clicking the malicious link, typically via social engineering or by embedding the link on a third-party site. No authentication or special network position is required.

Impact

A successful open redirect can be used to redirect users to malicious websites, facilitating phishing attacks or other social engineering schemes. The impact is limited to redirecting the victim's browser; no direct data compromise on the portal itself occurs.

Mitigation

Broadcom (CA Technologies) has released a fix as part of a security update. Affected customers should upgrade to a patched version of CA API Developer Portal as described in the vendor advisory [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

References: 4
