Vulnerability Description
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Akamai | Enterprise Application Access | < 2.3.1 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerabilityExploitVendor Advisory
- https://www.akamai.com/products/enterprise-application-accessProductVendor Advisory
- https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerabilityExploitVendor Advisory
- https://www.akamai.com/products/enterprise-application-accessProductVendor Advisory
FAQ
What is CVE-2021-40683?
CVE-2021-40683 is a vulnerability with a CVSS score of 7.8 (HIGH). In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
How severe is CVE-2021-40683?
CVE-2021-40683 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40683?
Check the references section above for vendor advisories and patch information. Affected products include: Akamai Enterprise Application Access, Microsoft Windows.