7419 matches found
Improper access control
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information...
Authorization
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization...
CVE-2020-11660
Technical details about CVE-2020-11660 are not publicly available in the provided documents beyond the general description of an access control flaw. Monitor for updates from vendors and security advisories to obtain specifics about affected versions, impact, and remediation.
CVE-2020-11660
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information...
CVE-2020-11659
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action...
CVE-2020-11659
CVE-2020-11659 affects CA API Developer Portal (Broadcom) 4.3.1 and earlier. The connected sources consistently describe an access-control flaw that lets privileged users perform a restricted user administration action, indicating a privilege-escalation risk affecting the portal’s admin functiona...
CVE-2020-11658
CVE-2020-11658 affects the Broadcom/CA API Developer Portal (versions 4.3.1 and earlier). The root cause is insecure handling of shared secret keys, which can let an attacker bypass authorization. The issue is classified with high to critical impact (CVSS scores: CVSS v3.1 base 9.8, HIGH confiden...
CVE-2020-11658
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization...
CVE-2020-11665
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks...
CVE-2020-11666
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges...
CVE-2020-11661
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...
CVE-2020-11664
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks...
CVE-2020-11663
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks...
Information disclosure
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information...
Open redirect
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks...
Open redirect
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks...
Open redirect
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks...