Broadcom CA API Developer Portal vulnerabilities
10 known vulnerabilities affecting broadcom/ca_api_developer_portal.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 6
Vulnerabilities
CVE-2020-11658 | CRITICAL | CVSS 9.8 | CWE-639 | ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
Source: NVD
CVE-2020-11661 | HIGH | CVSS 8.1 | ≥ 4.0, ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
Source: NVD
CVE-2020-11662 | HIGH | CVSS 7.5 | ≥ 4.0, ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
Source: NVD
CVE-2020-11666 | HIGH | CVSS 8.8 | ≥ 4.0, ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
Source: NVD
CVE-2020-11665 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 4.0, ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
Source: NVD
CVE-2020-11663 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 4.0, ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
Source: NVD
CVE-2020-11660 | MEDIUM | CVSS 6.5 | ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
Source: NVD
CVE-2020-11659 | MEDIUM | CVSS 4.3 | CWE-639 | ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
Source: NVD
CVE-2020-11664 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 4.0, ≤ 4.3.1 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
Source: NVD
CVE-2018-6590 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.2.0, < 4.2.5.3; v4.0 (+1 more) | 2018-08-03
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.
Source: NVD