CVE-2020-11658

Critical

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

ca·CWE-639·Published 2020-04-15

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

139 chars

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

NVDen

139 chars

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

CA API Developer Portal versiones 4.3.1 y anteriores, manejan claves secretas compartidas de manera no segura, que permite a atacantes omitir la autorización.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H