Support Content Notification - Support Portal

CA20200414-01: Security Notice for CA API Developer Portal

Product/Component

Notification Id

7833

Last Updated

24 July 2020

Initial Publication Date

08 August 2016

Status

OPEN

Severity

CVSS Base Score

WorkAround

Affected CVE

Issued: April 14th, 2020

Last Updated: April 15th, 2020

CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions.

The first vulnerability, CVE-2020-11658, occurs due insecure handling of shared secret keys. An attacker can bypass authorization.

The second vulnerability, CVE-2020-11659, occurs due to an access control flaw. A privileged user can perform a restricted user administration action.

The third vulnerability, CVE-2020-11660, occurs due to an access control flaw. A privileged user can view restricted sensitive information.

The fourth vulnerability, CVE-2020-11661, occurs due to an access control flaw. A privileged user can view and edit user data.

The fifth vulnerability, CVE-2020-11662, occurs due to insecure request handling. A remote attacker can exploit Cross-Origin Resource Sharing to access sensitive information.

The sixth vulnerability, CVE-2020-11663, occurs due to insecure redirect handling of 404 requests. An attacker can perform open redirect attacks.

The seventh vulnerability, CVE-2020-11664, occurs due to insecure redirect handling in the homeRedirect page. An attacker can perform open redirect attacks.

The eighth vulnerability, CVE-2020-11665, occurs due to insecure redirect handling in the loginRedirect page. An attacker can perform open redirect attacks.

The ninth vulnerability, CVE-2020-11666, occurs due to an access control flaw. A malicious user can elevate privileges.

Risk Rating

CVE-2020-11658 - Medium

CVE-2020-11659 - Low

CVE-2020-11660 - Low

CVE-2020-11661 - Low

CVE-2020-11662 - Medium

CVE-2020-11663 - Low

CVE-2020-11664 - Low

CVE-2020-11665 - Low

CVE-2020-11666 - High

Platform(s)

All supported platforms

Affected Products

CA API Developer Portal EE 4.3.1

CA API Developer Portal EE 4.0 to 4.2.x

How to determine if the installation is affected

Check the version number on the login page of API Developer Portal.

Solution

CA Technologies published the following solutions to address the vulnerabilities:

Upgrade to CA API Developer Portal EE 4.3.2, 4.4, or 4.5 (or later when available).

https://support.broadcom.com/

References

CVE-2020-11658 - API Dev Portal reset shared secret auth bypass

CVE-2020-11659 - API Dev Portal auth schema bypass del user

CVE-2020-11660 - API Dev Portal auth schema bypass info disclosure

CVE-2020-11661 - API Dev Portal auth schema bypass edit user

CVE-2020-11662 - API Dev Portal CORS info disclosure

CVE-2020-11663 - API Dev Portal 404 open redirect

CVE-2020-11664 - API Dev Portal homeRedirect open redirect

CVE-2020-11665 - API Dev Portal loginRedirect open redirect

CVE-2020-11666 - API Dev Portal privilege elevation

Acknowledgement

CVE-2020-11658 - Matteo Civera

CVE-2020-11659 - Roman Paci

CVE-2020-11660 - Matteo Civera

CVE-2020-11661 - Roman Paci

CVE-2020-11662 - Roman Paci

CVE-2020-11663 - Roman Paci

CVE-2020-11664 - Roman Paci

CVE-2020-11665 - Roman Paci

CVE-2020-11666 - Roman Paci

Change History

Version 1.0: 2020-04-14 - Initial Release
Version 1.1: 2020-04-15 – Clarified Affected Products section to confirm that only the Enhanced Experience (EE) branch is vulnerable. Document formatting improved.

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

Customers who require additional information about this notice may contact CA Technologies Support at https://support.broadcom.com/.

To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.

Copyright © 2020 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.