Broadcom Ca Api Developer Portal — known CVE vulnerabilities
Every CVE whose affected-product data names Broadcom Ca Api Developer Portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2020-11658 — CVSS 9.8 (critical): CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
CVE-2020-11666 — CVSS 8.8 (high): CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
CVE-2020-11661 — CVSS 8.1 (high): CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
CVE-2020-11662 — CVSS 7.5 (high): CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource…
CVE-2020-11660 — CVSS 6.5 (medium): CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive…
CVE-2018-6590 — CVSS 6.1 (medium): CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.
CVE-2020-11663 — CVSS 6.1 (medium): CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect…
CVE-2020-11664 — CVSS 6.1 (medium): CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open…
CVE-2020-11665 — CVSS 6.1 (medium): CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform…
CVE-2020-11659 — CVSS 4.3 (medium): CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user…