CVE-2020-11658

CWE-639Insecure Direct Object Reference3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 52.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom CA API Developer Portal
Timeline
PublishedApr 15
Latest updateMay 24

Description

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ca_api_developer_portal4.3.1 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-8mwq-82jg-rcwh: CA API Developer Portal 42022-05-24
CVEList
CVE-2020-11658: CA API Developer Portal 42020-04-15
CVE-2020-11658 (CRITICAL CVSS 9.8) | CA API Developer Portal 4.3.1 and e | cvebase.io