Issued: August 02, 2018
Last Updated: August 02, 2018
CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability.
The vulnerability, CVE-2018-6590, occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.
Affected Platforms
All supported platforms
Affected Products
CA API Developer Portal v4.0
CA API Developer Portal v4.1
CA API Developer Portal v4.2.x
Unaffected Products
CA API Developer Portal v220.127.116.11 and later releases
CA API Developer Portal v18.104.22.168 and later releases
CA API Developer Portal v3.5
How to determine if the installation is affected
Customers may use the CA API Developer Portal web interface to find the product version and review the information in the Affected and Unaffected Products sections to determine if the installation is vulnerable.
CA Technologies published the following solutions to address the vulnerability.
CA API Developer Portal v4.0, v4.1, v4.2.x:
Customers should update to CA API Developer Portal v22.214.171.124, or v126.96.36.199, or a later release.
References
CA API Developer product page
CVE-2018-6590 - CA API Developer Portal XSS
Acknowledgement
CVE-2018-6590 - Joe Schottman
Change History
Version 1.0: Initial Release
CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
Customers who require additional information about this notice may contact CA Technologies Support at http://support.ca.com/.
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.