CA API Developer Portal Security Vulnerabilities

CVE-2020-11658

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass...

CVE-2020-11660

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive...

CVE-2020-11659

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration...

CVE-2020-11665

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect...

CVE-2020-11666

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate...

CVE-2020-11661

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user...

CVE-2020-11663

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect...

CVE-2020-11662

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive...

CVE-2020-11664

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect...

CVE-2018-6590

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting...

CVE-2018-6588

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the...

CVE-2018-6586

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture...

CVE-2018-6587

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID...