CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass...
9.8CVSS
9.3AI Score
0.004EPSS
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive...
6.5CVSS
6.3AI Score
0.001EPSS
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration...
4.3CVSS
4.5AI Score
0.001EPSS
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect...
6.1CVSS
6.2AI Score
0.002EPSS
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate...
8.8CVSS
8.6AI Score
0.003EPSS
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect...
6.1CVSS
6.2AI Score
0.002EPSS
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user...
8.1CVSS
7.8AI Score
0.002EPSS
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive...
7.5CVSS
7.5AI Score
0.006EPSS
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect...
6.1CVSS
6.2AI Score
0.002EPSS
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting...
6.1CVSS
6AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the...
6.1CVSS
6AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture...
6.1CVSS
5.9AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID...
6.1CVSS
6AI Score
0.001EPSS