CVE-2020-11658

2020-04-1520:46:55

www.cve.org

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

CNA Affected

[
  {
    "product": "CA API Developer Portal",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.1 and earlier"
      }
    ]
  }
]

References

packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html

seclists.org/fulldisclosure/2020/Apr/24

techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html