Description
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
References
https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability
ExploitVendor Advisory
https://www.akamai.com/products/enterprise-application-access
ProductVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-04T17:15:08.467
3 years agoLast modified
2021-10-12T22:05:02.660
3 years ago