Vulnerability Details CVE-2020-11660
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Apr/24
- https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html
- http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Apr/24
- https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html
Products affected by CVE-2020-11660
-
cpe:2.3:a:broadcom:ca_api_developer_portal:3.5
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.0
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.1
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.0
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.2
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.3
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.5.1
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.5.2
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.5.3
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.5.4
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7.1
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7.4
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7.5
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7.6
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7.7
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.7.8
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.9.1
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.9.2
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.2.9.3
-
cpe:2.3:a:broadcom:ca_api_developer_portal:4.3.1