
CVE-2025-24527
https://notcve.org/view.php?id=CVE-2025-24527
29 Jan 2025 — An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. • https://techdocs.akamai.com/eaa/changelog • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2021-40683
https://notcve.org/view.php?id=CVE-2021-40683
04 Oct 2021 — In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. • https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability • CWE-428: Unquoted Search Path or Element •

CVE-2019-18847
https://notcve.org/view.php?id=CVE-2019-18847
26 Aug 2020 — Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. • https://blogs.akamai.com/2020/08/enterprise-application-access-client-eaa-vulnerability-cve-2019-18847.html • CWE-295: Improper Certificate Validation •

CVE-2019-11011
https://notcve.org/view.php?id=CVE-2019-11011
21 Jun 2019 — Akamai CloudTest before 58.30 allows remote code execution. • https://blogs.akamai.com/sitr/2019/06/cloudtest-vulnerability-cve-2019-11011.html • CWE-502: Deserialization of Untrusted Data •

CVE-2016-10157
https://notcve.org/view.php?id=CVE-2016-10157
23 Jan 2017 — Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. • http://www.securityfocus.com/bid/95995 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
23 Jul 2009 — Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-1106
https://notcve.org/view.php?id=CVE-2008-1106
09 Jun 2008 — The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. • http://secunia.com/advisories/30135 • CWE-287: Improper Authentication • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2008-1770 – Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download
https://notcve.org/view.php?id=CVE-2008-1770
04 Jun 2008 — CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. • https://www.exploit-db.com/exploits/5741 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2007-6339
https://notcve.org/view.php?id=CVE-2007-6339
01 May 2008 — The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2007-1891
https://notcve.org/view.php?id=CVE-2007-1891
18 Apr 2007 — Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514 •