AUSCERT External Security Bulletin Redistribution
CA20200414-01: Security Notice for CA API Developer Portal
17 April 2020
AusCERT Security Bulletin Summary
Product: CA API Developer Portal
Publisher: CA Technologies
Operating System: Windows, UNIX variants (UNIX, Linux, OSX)
Impact/Access: Administrator Compromise -- Existing Account
Access Privileged Data -- Existing Account
Provide Misleading Information -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
CVE Names: CVE-2020-11666 CVE-2020-11665 CVE-2020-11664
CVE-2020-11663 CVE-2020-11662 CVE-2020-11661
CVE-2020-11660 CVE-2020-11659 CVE-2020-11658
--------------------------BEGIN INCLUDED TEXT--------------------
CA20200414-01: Security Notice for CA API Developer Portal
Issued: April 14th, 2020
Last Updated: April 14th, 2020
CA Technologies, A Broadcom Company, is alerting customers to multiple
vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that
can allow attackers to bypass access controls, view or modify sensitive
information, perform open redirect attacks, or elevate privileges. CA published
solutions to address these vulnerabilities and recommends that all affected
customers implement these solutions.
The first vulnerability, CVE-2020-11658, occurs due to insecure handling of
shared secret keys. An attacker can bypass authorization.
The second vulnerability, CVE-2020-11659, occurs due to an access control flaw.
A privileged user can perform a restricted user administration action.
The third vulnerability, CVE-2020-11660, occurs due to an access control flaw.
A privileged user can view restricted sensitive information.
The fourth vulnerability, CVE-2020-11661, occurs due to an access control flaw.
A privileged user can view and edit user data.
The fifth vulnerability, CVE-2020-11662, occurs due to insecure request
handling. A remote attacker can exploit Cross-Origin Resource Sharing to access
The sixth vulnerability, CVE-2020-11663, occurs due to insecure redirect
handling of 404 requests. An attacker can perform open redirect attacks.
The seventh vulnerability, CVE-2020-11664, occurs due to insecure redirect
handling in the homeRedirect page. An attacker can perform open redirect attacks.
The eighth vulnerability, CVE-2020-11665, occurs due to insecure redirect
handling in the loginRedirect page. An attacker can perform open redirect attacks.
The ninth vulnerability, CVE-2020-11666, occurs due to an access control flaw.
A malicious user can elevate privileges.
Risk/Severity
CVE-2020-11658 - Medium
CVE-2020-11659 - Low
CVE-2020-11660 - Low
CVE-2020-11661 - Low
CVE-2020-11662 - Medium
CVE-2020-11663 - Low
CVE-2020-11664 - Low
CVE-2020-11665 - Low
CVE-2020-11666 - High
Affected Products
All supported platforms
CA API Developer Portal 4.3.1
CA API Developer Portal 4.2.x and earlier
How to determine if the installation is affected
Check the version number on the login page of API Developer Portal.
Solution
CA Technologies published the following solutions to address the
Upgrade to CA API Developer Portal 4.3.2, 4.4, or 4.5 (or later when
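As an added example (not part of the CA notice or the AusCERT bulletin), the following Python helper encodes the affected and fixed versions stated above and turns an asset inventory into a patch list. The hostnames and version strings it is run on are constructed inputs, and the regular expression for reading a version off the login page is an assumption about that page's text, not something the notice specifies.

```python
import re
from typing import Dict, List, Optional, Tuple

# Facts taken from the notice: 4.3.1 and 4.2.x and earlier are affected,
# 4.3.2 / 4.4 / 4.5 (or later) carry the fix, and these nine CVEs apply
# with the severities CA assigned.
FIRST_FIXED = (4, 3, 2)
CVE_SEVERITY: Dict[str, str] = {
    "CVE-2020-11658": "Medium", "CVE-2020-11659": "Low",
    "CVE-2020-11660": "Low", "CVE-2020-11661": "Low",
    "CVE-2020-11662": "Medium", "CVE-2020-11663": "Low",
    "CVE-2020-11664": "Low", "CVE-2020-11665": "Low",
    "CVE-2020-11666": "High",
}
RANK = {"Low": 1, "Medium": 2, "High": 3}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract a numeric version from text copied off the Portal login page
    (assumed format). '4.3.1', 'v4.4' and '4.2.9-build3' all parse; missing
    parts pad with 0 so that '4.4' compares as 4.4.0. None if no version."""
    match = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not match:
        return None
    major, minor, patch = (int(g) if g else 0 for g in match.groups())
    return major, minor, patch


def is_affected(version_text: str) -> Optional[bool]:
    """True when the version predates the first fixed release; None if unknown."""
    parsed = parse_version(version_text)
    return None if parsed is None else parsed < FIRST_FIXED


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Map {hostname: version string} (constructed sample data in the tests)
    to (host, status, worst severity). Hosts whose version cannot be read are
    flagged for manual review rather than silently treated as fixed."""
    worst = max(CVE_SEVERITY.values(), key=RANK.__getitem__)
    rows = []
    for host, version_text in sorted(inventory.items()):
        state = is_affected(version_text)
        if state is None:
            rows.append((host, "unknown-version", "review"))
        elif state:
            rows.append((host, "affected", worst))
        else:
            rows.append((host, "fixed", "none"))
    return rows
```

Calling `triage({"portal-a.example": "4.3.1", "portal-b.example": "v4.4"})` returns one row marking the 4.3.1 host affected at High severity and the 4.4 host fixed.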
References
CVE-2020-11658 - API Dev Portal reset shared secret auth bypass
CVE-2020-11659 - API Dev Portal auth schema bypass del user
CVE-2020-11660 - API Dev Portal auth schema bypass info disclosure
CVE-2020-11661 - API Dev Portal auth schema bypass edit user
CVE-2020-11662 - API Dev Portal CORS info disclosure
CVE-2020-11663 - API Dev Portal 404 open redirect
CVE-2020-11664 - API Dev Portal homeRedirect open redirect
CVE-2020-11665 - API Dev Portal loginRedirect open redirect
CVE-2020-11666 - API Dev Portal privilege elevation
Acknowledgements
CVE-2020-11658 - Matteo Civera
CVE-2020-11659 - Roman Paci
CVE-2020-11660 - Matteo Civera
CVE-2020-11661 - Roman Paci
CVE-2020-11662 - Roman Paci
CVE-2020-11663 - Roman Paci
CVE-2020-11664 - Roman Paci
CVE-2020-11665 - Roman Paci
CVE-2020-11666 - Roman Paci
Change History
Version 1.0: 2020-04-14 - Initial Release
CA customers may receive product alerts and advisories by subscribing to
Proactive Notifications.
Customers who require additional information about this notice may contact CA
Technologies Support at https://support.broadcom.com/.
To report a suspected vulnerability in a CA Technologies product, please send a
summary to the CA Technologies Product Vulnerability Response Team.
Copyright (C) 2020 Broadcom. All Rights Reserved. The term "Broadcom" refers to
Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting
everything, CA Technologies and the CA technologies logo are among the
trademarks of Broadcom. All trademarks, trade names, service marks and logos
referenced herein belong to their respective companies.
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to email@example.com
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.