Cross-Origin Resource Sharing Vulnerability in CA API Developer Portal by Broadcom
CVE-2020-11662

7.5HIGH

Key Information:

Vendor

Broadcom
Status
Ca Api Developer Portal
Vendor
CVE Published:
15 April 2020

What is CVE-2020-11662?

The CA API Developer Portal, specifically versions 4.3.1 and earlier, is susceptible to a security flaw associated with Cross-Origin Resource Sharing (CORS). This vulnerability enables remote attackers to potentially exploit the system, allowing unauthorized access to sensitive information. By manipulating CORS requests, attackers can bypass security controls, posing a risk to data integrity and confidentiality. Organizations using affected versions should apply necessary patches to mitigate this exposure.

Affected Version(s)

CA API Developer Portal 4.3.1 and earlier

References

https://techdocs.broadcom.com/us/product-content/status/a...
x_refsource_MISC
http://packetstormsecurity.com/files/157244/CA-API-Develo...
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Apr/24
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.