Open Redirect Vulnerability in CA API Developer Portal by Broadcom
CVE-2020-11663

6.1 MEDIUM

Key Information:

Vendor: Broadcom
CVE Published: 15 April 2020

Summary

The CA API Developer Portal versions prior to 4.3.1 are vulnerable to an open redirect issue, where improper handling of 404 requests allows attackers to redirect users to malicious sites. This can lead to phishing attacks or exploitation of unsuspecting users. Organizations using these affected versions are advised to apply necessary updates to mitigate this vulnerability and secure their API management environments.

Affected Version(s)

CA API Developer Portal 4.3.1 and earlier

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
