CVE-2024-45164 : AKAMAI SPS/APPS PORTAL SIA THREATAVERT THREATAVERTPOLICIES IMPROPER AUTHORIZATION

Description

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.

References

https://www.akamai.com/global-services/support/vulnerability-reporting

https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.html


