CVE-2021-40683

Published: Oct 4, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.

Affected (3)

Products: Akamai: Enterprise Application Access

1 product

Enterprise Application Access

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akamai Enterprise Application Access	Before 2.3.1
Akamai Enterprise Application Access	From 2.4.0 to 2.4.1
Akamai Enterprise Application Access	From 2.5.0 to 2.5.3

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability

Source: cve@mitre.org

ExploitVendor Advisory

https://www.akamai.com/products/enterprise-application-access

Source: cve@mitre.org

ProductVendor Advisory

https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://www.akamai.com/products/enterprise-application-access

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.