CVE-2024-45164

Published Nov 4, 2024

Last updated 11 days ago

CVSS high 7.1

Overview

Description: Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-863
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-732

Hype score: Not currently trending

CVE-2024-45164 Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.… https://t.co/ovE4aWxgQM
@CVEnew
4 Nov 2024
382 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:akamai:secure_internet_access_enterprise_threatavert:19.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBCD0583-5730-41B0-8F91-7E929A749F12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References