CVE-2024-45164
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-45164 is a vulnerability affecting Akamai SIA (Secure Internet Access Enterprise) ThreatAvert. Versions of SPS (Security and Personalization Services) and Apps Portal before 19.2.0.3 or 19.2.0.20240814 contain incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can bypass these controls by directly accessing the /#app/intelligence/threatAvertPolicies URI and can then disable policy enforcement. This issue poses a significant risk, as unauthorized users may be able to weaken the security measures in place. Organizations using Akamai SIA are strongly urged to apply the latest patches to mitigate this vulnerability.