PT-2024-31447 · Akamai · Akamai SIA ThreatAvert, Akamai SIA Apps Portal
Researchers: Abu Bakar Bin Zaharudin (+1)
Published: 2024-11-04 · Updated: 2024-11-06
CVE-2024-45164
CVSS v3.1: 7.1 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Akamai SIA (Secure Internet Access Enterprise) ThreatAvert versions prior to 19.2.0
Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.3
Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.20240814
Description
The issue is an incorrect authorization control on the Admin functionality of the ThreatAvert Policy page. An authenticated user who does not hold the Admin role can navigate directly to the "/#app/intelligence/threatAvertPolicies" URI and disable policy enforcement.
Recommendations
For Akamai SIA (Secure Internet Access Enterprise) ThreatAvert versions prior to 19.2.0, update to version 19.2.0 or later.
For Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.3, update to version 19.2.0.3 or later.
For Akamai SIA (Secure Internet Access Enterprise) Apps Portal versions prior to 19.2.0.20240814, update to version 19.2.0.20240814 or later.
As a temporary workaround, consider restricting access to the "/#app/intelligence/threatAvertPolicies" URI to prevent unauthorized policy changes.
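Added illustration, not Akamai's code: the vulnerable authorization pattern beside the hardened one for an admin action such as disabling policy enforcement. Because everything after "#" in the URI above is resolved by the browser and never reaches the server, a route hidden in the UI is not a control; the role check has to sit on the server request that actually changes state. The endpoint shape, role names and in-memory policy store are assumptions.

```javascript
// Hypothetical roles for the illustration.
const ROLES = { VIEWER: "viewer", ADMIN: "admin" };

// Constructed in-memory store holding one ThreatAvert-style policy.
function makeStore() {
  return { policies: { "policy-1": { enforced: true } } };
}

// Vulnerable pattern: only checks that the caller is logged in, and trusts
// that non-admins never reach this handler because the single-page app
// hides the admin menu entry. Direct navigation to the route defeats that.
function disablePolicyVulnerable(store, session, policyId) {
  if (!session || !session.authenticated) return { status: 401 };
  const policy = store.policies[policyId];
  if (!policy) return { status: 404 };
  policy.enforced = false;            // state changes for any authenticated user
  return { status: 200, enforced: policy.enforced };
}

// Hardened pattern: the authorization decision is made on the server for
// every state-changing request, independent of what the client router shows.
function requireRole(role) {
  return (session) => Boolean(session && session.authenticated && session.role === role);
}
const isAdmin = requireRole(ROLES.ADMIN);

function disablePolicyHardened(store, session, policyId) {
  if (!session || !session.authenticated) return { status: 401 };
  if (!isAdmin(session)) return { status: 403 };   // deny before touching state
  const policy = store.policies[policyId];
  if (!policy) return { status: 404 };
  policy.enforced = false;
  return { status: 200, enforced: policy.enforced };
}
```

A 403 on this endpoint from a non-admin session is also a useful detection signal, since the UI never issues that request for such users.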
Weakness Types
Incorrect Authorization
Incorrect Permission
Affected Products
Akamai SIA Apps Portal
Akamai SIA ThreatAvert