CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24527
https://notcve.org/view.php?id=CVE-2025-24527
29 Jan 2025 — An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. • https://techdocs.akamai.com/eaa/changelog • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40683
https://notcve.org/view.php?id=CVE-2021-40683
04 Oct 2021 — In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. En Akamai EAA (Enterprise Application Access) Client versiones anteriores a 2.3.1, versiones 2.4.x anteriores a 2.4.1 y versiones 2.5.x anteriores a 2.5.3, una ruta no citada puede permitir a un atacante secuestrar el flujo de ejecución • https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability • CWE-428: Unquoted Search Path or Element •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-18847
https://notcve.org/view.php?id=CVE-2019-18847
26 Aug 2020 — Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. Enterprise Access Client Auto-Updater, permite una ejecución de código remota en versiones anteriores a versión 2.0.1 • https://blogs.akamai.com/2020/08/enterprise-application-access-client-eaa-vulnerability-cve-2019-18847.html • CWE-295: Improper Certificate Validation •