CVE-2021-40683

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
akamaienterprise_application_access
𝑥
< 2.3.1
akamaienterprise_application_access
2.4.0 ≤
𝑥
< 2.4.1
akamaienterprise_application_access
2.5.0 ≤
𝑥
< 2.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability
https://www.akamai.com/products/enterprise-application-access
https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability
https://www.akamai.com/products/enterprise-application-access