Lucene search

[email protected]NVD:CVE-2024-5249

HistoryJul 30, 2024 - 7:15 p.m.

CVE-2024-5249

2024-07-3019:15:11

CWE-294

[email protected]

web.nvd.nist.gov

akana api platform

saml tokens

replay vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.4%

JSON

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.

Affected configurations

Nvd

Node

perforceakana_apiRange≤2024.1.0

VendorProductVersionCPE
perforceakana_api*cpe:2.3:a:perforce:akana_api:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
perforce	akana_api	*	cpe:2.3:a:perforce:akana_api::::::::

References

portal.perforce.com/s/detail/a91PA000001SUH7YAO

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.4%

JSON

Related for NVD:CVE-2024-5249

vulnrichment1 cvelist1 cve1