73 matches found
Improper access control
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...
Open redirect
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks...
CVE-2020-11663
The CVE-2020-11663 entry affects CA API Developer Portal versions up to 4.3.1. The root cause is insecure handling of 404 responses, which can enable open redirect attacks. Exploitation details or affected environments are not provided in the connected documents; no patch/version remediations are...
CVE-2020-11663
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks...
CVE-2020-11662
CVE-2020-11662 affects Broadcom CA API Developer Portal (4.3.1 and earlier). The root cause is insecure handling of Cross-Origin Resource Sharing (CORS), enabling remote attackers to access sensitive information via the portal. Exploitation details or explicit mitigations are not provided in the ...
CVE-2020-11662
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information...
CVE-2020-11661
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...
CVE-2020-11666
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges...
CVE-2020-11666
CVE-2020-11666 affects the Broadcom/CA API Developer Portal up to version 4.3.1. The connected sources confirm an access control flaw that lets an attacker escalate privileges via a specially crafted request, i.e., a remote privilege-escalation vulnerability . The vulnerability is tied to imprope...
CVE-2020-11665
The CVE-2020-11665 entry concerns CA API Developer Portal, version 4.3.1 and earlier, where the loginRedirect page redirects are handled insecurely, enabling open redirect attacks. Affected product/component: Broadcom CA API Developer Portal (loginRedirect flow). Root cause: insecure handling of ...
CVE-2020-11664
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks...
CVE-2020-11664
CVE-2020-11664 affects Broadcom CA API Developer Portal (versions 4.3.1 and earlier). The issue is an insecure handling of the homeRedirect page that enables open redirect attacks due to an input validation error. Multiple connected sources confirm the vulnerability and affected product scope; ex...
CVE-2018-6590
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...
CVE-2018-6590
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...
Cross site scripting
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...
CVE-2018-6590
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...
CVE-2018-6590
CA API Developer Portal 4.x (before 4.2.5.3 and before 4.2.7.1) has a reflected cross-site scripting vulnerability. Root cause described as failure to filter HTML in user input; could allow remote attacker to execute arbitrary script in the user’s browser. Remediation: upgrade to 4.2.5.3+ or 4.2....
CVE-2018-6586
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...
Cross site scripting
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer...
Cross site scripting
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...