exploitDog

CVE-2018-6587

Опубликовано: 29 мар. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.

Ссылки

http://www.securitytracker.com/id/1040603
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html
Patch
Vendor Advisory
http://www.securitytracker.com/id/1040603
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ca:api_developer_portal:3.5:*:*:*:*:*:*:*

cpe:2.3:a:ca:api_developer_portal:3.5:cr1:*:*:*:*:*:*

cpe:2.3:a:ca:api_developer_portal:3.5:cr2:*:*:*:*:*:*

cpe:2.3:a:ca:api_developer_portal:3.5:cr3:*:*:*:*:*:*

cpe:2.3:a:ca:api_developer_portal:3.5:cr4:*:*:*:*:*:*

cpe:2.3:a:ca:api_developer_portal:3.5:cr5:*:*:*:*:*:*

cpe:2.3:a:ca:api_developer_portal:3.5:cr6:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00233

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-xhcf-wm8x-cp97

CVSS3: 6.1

github

больше 3 лет назад

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.

EPSS

Процентиль: 46%

0.00233

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79