CVE-2024-45164

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.
Configurations

Configuration 1 (hide)

cpe:2.3:a:akamai:secure_internet_access_enterprise_threatavert:19.2.0.2:*:*:*:*:*:*:*

History

06 Nov 2024, 17:35

Type Values Removed Values Added
CWE CWE-732

06 Nov 2024, 15:51

Type Values Removed Values Added
Summary
  • (es) Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, en SPS (Security and Personality Services) antes del último parche 19.2.0 y en Apps Portal antes de 19.2.0.3 o 19.2.0.20240814, tiene controles de autorización incorrectos para la funcionalidad de administrador en la página de políticas de ThreatAvert. Un usuario autenticado puede navegar directamente a la URL /#app/intelligence/threatAvertPolicies y deshabilitar la aplicación de políticas.
CPE cpe:2.3:a:akamai:secure_internet_access_enterprise_threatavert:19.2.0.2:*:*:*:*:*:*:*
First Time Akamai secure Internet Access Enterprise Threatavert
Akamai
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
References () https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.html - () https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.html - Exploit, Mitigation, Third Party Advisory
References () https://www.akamai.com/global-services/support/vulnerability-reporting - () https://www.akamai.com/global-services/support/vulnerability-reporting - Product

04 Nov 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 14:15

Updated : 2024-11-06 17:35


NVD link : CVE-2024-45164

Mitre link : CVE-2024-45164

CVE.ORG link : CVE-2024-45164


JSON object : View

Products Affected

akamai

  • secure_internet_access_enterprise_threatavert
CWE
CWE-863

Incorrect Authorization

CWE-732

Incorrect Permission Assignment for Critical Resource