CVE-2020-11665
Description
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CA API Developer Portal versions 4.3.1 and earlier contain an open redirect vulnerability via the loginRedirect page, enabling phishing attacks.
Vulnerability
CVE-2020-11665 is an open redirect vulnerability in the CA API Developer Portal, affecting versions 4.3.1 and earlier. The flaw exists in the loginRedirect page, where redirects are handled in an insecure manner [1]. An attacker can craft a URL that leverages this page to redirect a user to an arbitrary external site.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL that uses the loginRedirect endpoint to redirect unsuspecting users to an attacker-controlled external site. The attacker does not require authentication or any special privileges to carry out the attack [1]. The victim must simply click on the crafted link.
Impact
Successful exploitation allows an attacker to perform an open redirect attack. This can be leveraged for phishing campaigns, where a user trusts the legitimate portal domain and is then redirected to a malicious site, potentially leading to credential theft or malware installation. The risk rating for this CVE is Low [1].
Mitigation
Broadcom (CA Technologies) has published a security notice and recommends that affected customers implement the provided solutions [1]. While the specific patch version is not listed in the available references, users should upgrade to a fixed version as per vendor guidance. No workaround is disclosed.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CA/API Developer Portal
- Range: <=4.3.1
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2020/Apr/24 (mitre, mailing-list, x_refsource_FULLDISC)
- techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html (mitre, x_refsource_MISC)