CVE-2024-45164
CVE-2024-45164 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Akamai | Secure Internet Access Enterprise Threatavert | 19.2.0.2 |
References
- https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.html (Exploit, Mitigation, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
