CVE-2021-40683

EUVD-2021-27855
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
akamaienterprise_application_access
𝑥
< 2.3.1
akamaienterprise_application_access
2.4.0 ≤
𝑥
< 2.4.1
akamaienterprise_application_access
2.5.0 ≤
𝑥
< 2.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability
https://www.akamai.com/products/enterprise-application-access
https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability
https://www.akamai.com/products/enterprise-application-access