Vulnerabilities > Broadcom > CA API Developer Portal > 4.2.9.3

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-11660 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
network
low complexity
broadcom
6.5
6.5
2020-04-15 CVE-2020-11659 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
network
low complexity
broadcom CWE-639
4.3
4.3
2020-04-15 CVE-2020-11658 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
network
low complexity
broadcom CWE-639
critical
 9.8
9.8
2020-04-15 CVE-2020-11666 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
network
low complexity
broadcom
8.8
8.8
2020-04-15 CVE-2020-11665 Open Redirect vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
network
low complexity
broadcom CWE-601
6.1
6.1
2020-04-15 CVE-2020-11664 Open Redirect vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
network
low complexity
broadcom CWE-601
6.1
6.1
2020-04-15 CVE-2020-11663 Open Redirect vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
network
low complexity
broadcom CWE-601
6.1
6.1
2020-04-15 CVE-2020-11662 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
network
low complexity
broadcom
7.5
7.5
2020-04-15 CVE-2020-11661 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
network
low complexity
broadcom
8.1
8.1