CA API Developer Portal 4.3.1 and previous versions contains an access control flaw that allows privileged users to view and edit user data.
broadcom ca api developer portal