Vulnerabilities > CVE-2024-45164 - Incorrect Authorization vulnerability in Akamai Secure Internet Access Enterprise Threatavert 19.2.0.2

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

akamai

CWE-863

NVD

Published: 2024-11-04

Updated: 2024-11-06

Summary

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.

Vulnerable Configurations

Part	Description	Count
Application	Akamai Akamai Secure Internet Access Enterprise Threatavert 19.2.0.2	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.akamai.com/global-services/support/vulnerability-reporting
https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.html