CA API Developer Portal
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11658 | Cri | 0.64 | 9.8 | 0.02 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | ||
| CVE-2020-11666 | Hig | 0.57 | 8.8 | 0.03 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. | ||
| CVE-2020-11661 | Hig | 0.53 | 8.1 | 0.02 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. | ||
| CVE-2020-11662 | Hig | 0.49 | 7.5 | 0.03 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. | ||
| CVE-2020-11660 | Med | 0.42 | 6.5 | 0.01 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. | ||
| CVE-2020-11665 | Med | 0.40 | 6.1 | 0.02 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||
| CVE-2020-11664 | Med | 0.40 | 6.1 | 0.01 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||
| CVE-2020-11663 | Med | 0.40 | 6.1 | 0.01 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | ||
| CVE-2020-11659 | Med | 0.28 | 4.3 | 0.01 | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. |
- risk 0.64cvss 9.8epss 0.02
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
- risk 0.57cvss 8.8epss 0.03
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
- risk 0.53cvss 8.1epss 0.02
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
- risk 0.49cvss 7.5epss 0.03
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
- risk 0.42cvss 6.5epss 0.01
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
- risk 0.40cvss 6.1epss 0.02
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
- risk 0.40cvss 6.1epss 0.01
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
- risk 0.40cvss 6.1epss 0.01
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
- risk 0.28cvss 4.3epss 0.01
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.