exploitDog

CVE-2020-11661

Опубликовано: 15 апр. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.

Ссылки

http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/24
Mailing List
Third Party Advisory
https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html
Vendor Advisory
http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/24
Mailing List
Third Party Advisory
https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:broadcom:ca_api_developer_portal:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 4.3.1 (включая)

EPSS

Процентиль: 56%

0.0034

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jppr-v7v7-49m8

github

больше 3 лет назад

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.

EPSS

Процентиль: 56%

0.0034

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo