CA API Developer Portal HTML Injection and Multiple Cross Site Scripting Vulnerabilities
BID:103744
Info
CA API Developer Portal HTML Injection and Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 103744 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-6586 CVE-2018-6587 CVE-2018-6588 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2018 12:00AM |
| Updated: | Mar 28 2018 12:00AM |
| Credit: | Alphan Yavas from Biznet Bilisim A.S. |
| Vulnerable: |
Ca API Developer Portal 3.5 CR6 Ca API Developer Portal 3.5 CR5 Ca API Developer Portal 3.5 CR4 Ca API Developer Portal 3.5 CR1 Ca API Developer Portal 3.5 |
| Not Vulnerable: |
Ca API Developer Portal 4 Ca API Developer Portal 3.5 CR7 |
Discussion
CA API Developer Portal HTML Injection and Multiple Cross Site Scripting Vulnerabilities
CA API Developer Portal is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
API Developer Portal 3.5 through and including CR6 are vulnerable.
CA API Developer Portal is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
API Developer Portal 3.5 through and including CR6 are vulnerable.
Solution / Fix
CA API Developer Portal HTML Injection and Multiple Cross Site Scripting Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.