Vulnerabilities > CVE-2020-11658 - Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html
- http://seclists.org/fulldisclosure/2020/Apr/24
- http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html