Vulnerabilities > CVE-2020-11658 - Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Apr/24
- https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html