CVE-2024-45164 — HIGH (7.1)

Vulnerability Description

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Akamai	Secure Internet Access Enterprise Threatavert	19.2.0.2

Related Weaknesses (CWE)

CWE-732 CWE-863

References

https://notes.netbytesec.com/2024/11/cve-2024-45164-broken-access-control.htmlExploitMitigationThird Party Advisory
https://www.akamai.com/global-services/support/vulnerability-reportingProduct

FAQ

What is CVE-2024-45164?

CVE-2024-45164 is a vulnerability with a CVSS score of 7.1 (HIGH). Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorr...

How severe is CVE-2024-45164?

CVE-2024-45164 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45164?

Check the references section above for vendor advisories and patch information. Affected products include: Akamai Secure Internet Access Enterprise Threatavert.