API Developer Portal
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11660 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. |
| CVE-2020-11659 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. |
| CVE-2020-11658 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. |
| CVE-2020-11663 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11661 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. |
| CVE-2020-11666 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. |
| CVE-2020-11665 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11664 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2018-6590 | | | 0.00 | — | 0.00 | | Aug 3, 2018 | CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. |
| CVE-2018-6586 | | | 0.00 | — | 0.00 | | Mar 29, 2018 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. |
| CVE-2018-6587 | | | 0.00 | — | 0.00 | | Mar 29, 2018 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. |
| CVE-2018-6588 | | | 0.00 | — | 0.00 | | Mar 29, 2018 | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. |