CA20180802-01: Security Notice for CA API Developer Portal
Issued: August 02, 2018
Last Updated: August 02, 2018
CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability.
The vulnerability, CVE-2018-6590, occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.
Risk Rating
Medium
Platform(s)
All supported platforms
Affected Products
CA API Developer Portal v4.0
CA API Developer Portal v4.1
CA API Developer Portal v4.2.x
Unaffected Products
CA API Developer Portal v4.2.5.3 and later releases
CA API Developer Portal v4.2.7.1 and later releases
CA API Developer Portal v3.5
How to determine if the installation is affected
Customers may use the CA API Developer Portal web interface to find the product version and review the information in the Affected and Unaffected Products sections to determine if the installation is vulnerable.
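The comparison described above can be scripted for an inventory of portals. The following is an added example, not code from CA Technologies. It assumes each fixed release applies to its own maintenance line (4.2.5.x and 4.2.7.x), flags 4.2.6.x and imprecise version strings for manual review, and uses constructed host names and versions.

```python
import re

# Version matrix transcribed from this notice (CVE-2018-6590).
# Assumption: each fix applies within its own maintenance line.
FIXED_IN_LINE = {(4, 2, 5): 3, (4, 2, 7): 1}  # line -> first fixed build


def parse_version(text):
    """Turn 'v4.2.5.3' or '4.1' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+){0,3})\s*", text, re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(text):
    """Map a reported portal version to a triage status for this notice."""
    v = parse_version(text)
    if v is None:
        return "unparseable"
    v4 = v + (0,) * (4 - len(v))          # pad for ordered comparison
    family, line = v4[:2], v4[:3]
    if family == (3, 5):
        return "unaffected"
    if family in ((4, 0), (4, 1)):
        return "affected"
    if family == (4, 2):
        if len(v) < 3:
            return "review"               # "4.2" alone hides the patch level
        if line in FIXED_IN_LINE:
            if len(v) < 4:
                return "review"           # build number needed to decide
            return "unaffected" if v4[3] >= FIXED_IN_LINE[line] else "affected"
        if line < (4, 2, 5):
            return "affected"
        if line > (4, 2, 7):
            return "unaffected"           # later than v4.2.7.1
        return "review"                   # 4.2.6.x: notice is ambiguous
    if v4 > (4, 2, 7, 1):
        return "unaffected"               # later release than v4.2.7.1
    return "not-listed"                   # version the notice does not mention


def needs_action(inventory):
    """Return {host: status} for every host that is not clearly unaffected."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {h: s for h, s in results.items() if s != "unaffected"}


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {"portal-prod": "v4.2.5.2", "portal-dr": "4.2.7.1",
          "portal-dev": "4.1", "portal-lab": "4.2.6.0", "portal-old": "3.5"}
print(needs_action(SAMPLE))
```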
Solution
CA Technologies published the following solutions to address the vulnerability.
CA API Developer Portal v4.0, v4.1, v4.2.x:
Customers should update to CA API Developer Portal v4.2.5.3, v4.2.7.1, or a later release.
CA API Developer product page
References
CVE-2018-6590 - CA API Developer Portal XSS
Acknowledgement
CVE-2018-6590 - Joe Schottman
Change History
Version 1.0: Initial Release
CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
Customers who require additional information about this notice may contact CA Technologies Support at http://support.ca.com/.
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.