-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CA20180802-01: Security Notice for CA API Developer Portal Issued: August 2, 2018 Last Updated: August 2, 2018 CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability. The vulnerability, CVE-2018-6590, occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks. Risk Rating Medium Platform(s) All supported platforms Affected Products CA API Developer Portal v4.0 CA API Developer Portal v4.1 CA API Developer Portal v4.2.x Unaffected Products CA API Developer Portal v4.2.5.3 and later releases CA API Developer Portal v4.2.7.1 and later releases CA API Developer Portal v3.5 How to determine if the installation is affected Customers may use the CA API Developer Portal web interface to find the product version and review the information in the Affected and Unaffected Products sections to determine if the installation is vulnerable. Solution CA Technologies published the following solutions to address the vulnerability. CA API Developer Portal v4.0, v4.1, v4.2.x: Customers should update to CA API Developer Portal v4.2.5.3, or v4.2.7.1, or a later release References CVE-2018-6590 - CA API Developer Portal XSS Acknowledgement CVE-2018-6590 - Joe Schottman Change History Version 1.0: Initial Release Customers who require additional information about this notice may contact CA Technologies Support at https://support.ca.com/ To report a suspected vulnerability in a CA Technologies product, please send a summary to CA Technologies Product Vulnerability Response at vuln <AT> ca.com Security Notices and PGP key support.ca.com/irj/portal/anonymous/phpsbpldgpg www.ca.com/us/support/ca-support-online/documents.aspx?id=177782 Regards, Kevin Kotas Vulnerability Response Director CA Technologies Product Vulnerability Response Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY 10022. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -----BEGIN PGP SIGNATURE----- Charset: utf-8 wsFVAwUBW2M077lJjor7ahBNAQgOwRAAjR6hCmtyrcjMxSrvsIebZ/ehA9jG1Ukd 3tQA7DFn2afh2CnfpjnMAR5/rMgazVUeYytRxJWTiwhmPH88/F5YnC3ntif4qdJN eLDnRRTR4j1mbA+ykUPapWRUtEICN+6MfAKsdGxhvl3rRzl2vIWPUQmDNFqMurjX OYxhnqTzynH4ktTPIaMjW/x27qzU6QH6Qtk1bgHZSQEx/yjWHhQYKtGdo+BsPepO XPfbJysW+LNKCqjrOiHuqmx02h+xyg9dgdv+01CNowIjH3EYWQuMlZUn8ziO2wYw mmcccYnNoB+cLu4EXVHzDdTy8UwmQLCPI9+snIK4bBy1Lz+PhbP5wx+72FqubGnQ GsmTLkPt1ciuWgKmXMzdJ4n2PsEV3i3IgwqWter9Xd3qKpjAzOB3K1ptTc4XlQ2K flL7jx0WvAJDbNcUIcL9aLuXhj1sd0EdTMmFNZ+8i9B16Lr+pEfb+ED++Egq21SZ hlylP5IPh2zG1zyeFjKh6PWPCKxgizb5wBrizdOvTQ36TaMD7AwyU0Sid99Ugg7H h5wkgamEDcueVeP7ky3JaDERGe861kd0foK+3EHRKtSqL4G0WkmW/rlbtUk66son NMIGJeNs+BYZmb99klcvx5oYJDX7xzAmlksCefyU0ecmQFAF9uaCbpx3glzGqqtr wRn+ch6QhSk= =dpCJ -----END PGP SIGNATURE-----
