CVE-2021-40683

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:akamai:enterprise_application_access:*:*:*:*:*:*:*:*
cpe:2.3:a:akamai:enterprise_application_access:*:*:*:*:*:*:*:*
cpe:2.3:a:akamai:enterprise_application_access:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

12 Oct 2021, 22:05

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.4
v3 : 7.8
CPE cpe:2.3:a:akamai:enterprise_application_access:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CWE CWE-428
References (CONFIRM) https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability - (CONFIRM) https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability - Exploit, Vendor Advisory
References (MISC) https://www.akamai.com/products/enterprise-application-access - (MISC) https://www.akamai.com/products/enterprise-application-access - Product, Vendor Advisory

04 Oct 2021, 17:24

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 17:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-40683

Mitre link : CVE-2021-40683

CVE.ORG link : CVE-2021-40683


JSON object : View

Products Affected

akamai

  • enterprise_application_access

microsoft

  • windows
CWE
CWE-428

Unquoted Search Path or Element