CVE-2020-11665
Description
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
References
Vendor Advisory
Third Party AdvisoryVDB Entry
Mailing ListThird Party Advisory
Third Party AdvisoryVDB Entry
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | NONE |
UserInteraction | REQUIRED |
Scope | CHANGED |
ConfidentialityImpact | LOW |
IntegrityImpact | LOW |
AvailabilityImpact | NONE |
BaseScore | 6.1 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:N/C:P/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 5.800000190734863 |