Описание
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-11665
- https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html
- http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
- http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Apr/24
EPSS
Процентиль: 49%
0.00261
Низкий
CVE ID
Связанные уязвимости
CVSS3: 6.1
nvd
почти 6 лет назад
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
EPSS
Процентиль: 49%
0.00261
Низкий