Unauthorized Access in Akamai SIA ThreatAvert Product
CVE-2024-45164

7.1HIGH

Key Information:

Vendor: Akamai
Status: Secure Internet Access Enterprise Threatavert
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-45164?

The vulnerability identified in Akamai SIA ThreatAvert involves insufficient authorization controls within the Admin functionality of the ThreatAvert Policy page. This flaw allows authenticated users to navigate to the specific URI /#app/intelligence/threatAvertPolicies, potentially leading to unauthorized actions such as disabling policy enforcement settings. This raises security concerns, as it may enable malicious actors to manipulate security policies without appropriate permissions, affecting overall system integrity.

References

https://www.akamai.com/global-services/support/vulnerabil...

https://notes.netbytesec.com/2024/11/cve-2024-45164-broke...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024