Twenty Year Anniversary

CA API Developer Portal Cross Site Scripting

CA API Developer Portal Cross Site Scripting
Posted Aug 6, 2018
Authored by Kevin Kotas, Joe Schottman | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability. The vulnerability occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.

tags | advisory, remote, web, xss
advisories | CVE-2018-6590
MD5 | add512fadcb03afec9eee769e4fca170

CA API Developer Portal Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180802-01: Security Notice for CA API Developer Portal

Issued: August 2, 2018
Last Updated: August 2, 2018

CA Technologies Support is alerting customers to a potential risk
with CA API Developer Portal. A medium risk vulnerability exists that
can allow a remote attacker to conduct reflected cross-site scripting
attacks. CA published solutions to address the vulnerability.

The vulnerability, CVE-2018-6590, occurs due to insufficient
parameter filtering in the web user interface, which can allow a
remote attacker to launch reflected cross-site scripting attacks.

Risk Rating

Medium

Platform(s)

All supported platforms

Affected Products

CA API Developer Portal v4.0
CA API Developer Portal v4.1
CA API Developer Portal v4.2.x

Unaffected Products

CA API Developer Portal v4.2.5.3 and later releases
CA API Developer Portal v4.2.7.1 and later releases
CA API Developer Portal v3.5

How to determine if the installation is affected

Customers may use the CA API Developer Portal web interface to find
the product version and review the information in the Affected and
Unaffected Products sections to determine if the installation is
vulnerable.

Solution

CA Technologies published the following solutions to address the
vulnerability.

CA API Developer Portal v4.0, v4.1, v4.2.x:
Customers should update to CA API Developer Portal v4.2.5.3,
or v4.2.7.1, or a later release

References

CVE-2018-6590 - CA API Developer Portal XSS

Acknowledgement

CVE-2018-6590 - Joe Schottman

Change History

Version 1.0: Initial Release

Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsFVAwUBW2M077lJjor7ahBNAQgOwRAAjR6hCmtyrcjMxSrvsIebZ/ehA9jG1Ukd
3tQA7DFn2afh2CnfpjnMAR5/rMgazVUeYytRxJWTiwhmPH88/F5YnC3ntif4qdJN
eLDnRRTR4j1mbA+ykUPapWRUtEICN+6MfAKsdGxhvl3rRzl2vIWPUQmDNFqMurjX
OYxhnqTzynH4ktTPIaMjW/x27qzU6QH6Qtk1bgHZSQEx/yjWHhQYKtGdo+BsPepO
XPfbJysW+LNKCqjrOiHuqmx02h+xyg9dgdv+01CNowIjH3EYWQuMlZUn8ziO2wYw
mmcccYnNoB+cLu4EXVHzDdTy8UwmQLCPI9+snIK4bBy1Lz+PhbP5wx+72FqubGnQ
GsmTLkPt1ciuWgKmXMzdJ4n2PsEV3i3IgwqWter9Xd3qKpjAzOB3K1ptTc4XlQ2K
flL7jx0WvAJDbNcUIcL9aLuXhj1sd0EdTMmFNZ+8i9B16Lr+pEfb+ED++Egq21SZ
hlylP5IPh2zG1zyeFjKh6PWPCKxgizb5wBrizdOvTQ36TaMD7AwyU0Sid99Ugg7H
h5wkgamEDcueVeP7ky3JaDERGe861kd0foK+3EHRKtSqL4G0WkmW/rlbtUk66son
NMIGJeNs+BYZmb99klcvx5oYJDX7xzAmlksCefyU0ecmQFAF9uaCbpx3glzGqqtr
wRn+ch6QhSk=
=dpCJ
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close