CVE-2018-6587

Published: Mar 29, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.

Affected (7)

Products: Ca: Api Developer Portal

1 product

Api Developer Portal

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ca Api Developer Portal	Version 3.5
Ca Api Developer Portal	Version 3.5 cr1
Ca Api Developer Portal	Version 3.5 cr2
Ca Api Developer Portal	Version 3.5 cr3
Ca Api Developer Portal	Version 3.5 cr4
Ca Api Developer Portal	Version 3.5 cr5
Ca Api Developer Portal	Version 3.5 cr6

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securitytracker.com/id/1040603

Source: vuln@ca.com

Third Party AdvisoryVDB Entry

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html

Source: vuln@ca.com

PatchVendor Advisory

http://www.securitytracker.com/id/1040603

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.