Muhammad Abdul Aalim Ahmad Rozli

Researcher from NetbyteSEC
#38947 of 53,639
7.1 Total CVSS
Vulnerabilities · 1
PT-2024-31447
7.1
2024-11-04
Akamai · Akamai Sia Threatavert · CVE-2024-45164
**Name of the Vulnerable Software and Affected Versions**

- Akamai SIA (Secure Internet Access Enterprise) ThreatAvert versions prior to 19.2.0
- Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.3
- Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.20240814

**Description**

The issue concerns incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the "/#app/intelligence/threatAvertPolicies" URI and disable policy enforcement.

**Recommendations**

- For Akamai SIA (Secure Internet Access Enterprise) ThreatAvert versions prior to 19.2.0, update to version 19.2.0 or later.
- For Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.3, update to version 19.2.0.3 or later.
- For Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.20240814, update to version 19.2.0.20240814 or later.

As a temporary workaround, consider restricting access to the "/#app/intelligence/threatAvertPolicies" URI to prevent unauthorized policy changes.