CVE-2020-11660
Description
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
References
Vendor Advisory
Mailing ListThird Party Advisory
Third Party Advisory
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | LOW |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | HIGH |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 6.5 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:L/Au:S/C:P/I:N/A:N |
AccessVector | NETWORK |
AccessComplexity | LOW |
Authentication | SINGLE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 4 |