27 matches found
EUVD-2021-27855
Malicious code in bioql PyPI...
eaa-assoc.org Cross Site Scripting vulnerability OBB-3930463
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
eaa-phev.org Cross Site Scripting vulnerability OBB-3283481
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
EAA Client Escalation of Privilege Vulnerability on Windows
This post covers the details of CVE-2021-40683 (CVSS 6.5), the vulnerability impacting the Akamai Enterprise Application Access (EAA) Client running on Windows systems, for which Akamai has provided a patch to its customers...
CVE-2021-40683
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution...
Design/Logic Flaw
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution...
CVE-2021-40683
The CVE-2021-40683 issue affects Akamai EAA Client on Windows prior to patches addressing unquoted path handling that could hijack the flow of execution. Affected versions include 2.3.1 and 2.4.x before 2.4.1, and 2.5.x before 2.5.3. The vulnerability, described across multiple sources, indicates...
New Admin Portal for Akamai Enterprise Application Access
The definition of a user has evolved to comprise much more than an employee, making secure access to the right application, for the right user, at the right time difficult and complex. Akamai Enterprise Application Access (EAA) is a unique cloud architecture that closes all inbound firewall ports,...
Akamai EAA Impersonation Vulnerability - A Deep Dive
In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the...
SAML Implementation Vulnerability Impacting Some Akamai Services
This blog post provides an overview of a vulnerability discovered in Akamai's Enterprise Application Access (EAA) product which has been patched. This vulnerability could have allowed an actor to impersonate an authorized user when interacting with an application that used Security Assertion Markup...
Caught on Camera: Rethinking IoT Security
We all know that we're on camera pretty much constantly -- most coffee shops, convenience stores, and even offices employ security cameras for protection. But what happens when those devices built to keep us safe become unsafe? Hacks are becoming more frequent and attacking personal, private data...
Enterprise Application Access Client (EAA) Vulnerability (CVE-2019-18847)
On October 15, 2019, Tesla discovered, and responsibly disclosed, a vulnerability within Akamai's Enterprise Application Access (EAA) client that allows privilege escalation and remote code execution (RCE) when an attacker is within privileged locations on a network. This vulnerability has been...
Accelerate Migration from Legacy WAM While Enabling Zero Trust Access with EAA and Single-Host Access
Customers are in the process of replacing their legacy proxy/WAM solutions with modern Identity-Aware Proxies to enable Zero Trust access to business applications and services. Akamai's Identity Aware proxy enables secure remote access for end users from anywhere, on any device, to business...
Akamai and Microsoft: Delivering a Better Zero Trust Access Model for the Hybrid Enterprise Together
The best partnerships evolve over time and are forged with a common goal. Microsoft and Akamai have partnered for years with the common goal of delivering integrated solutions that address real customer problems. A great example is optimizing global end-user performance for cloud workloads with...
How to Provide Secure Access to AWS Workloads
In the last two posts, we covered the security fundamentals to migrate to the Cloud and the 10 best practices to secure workloads. In this third post, we will talk about securing access to your AWS workloads. To Live Happy, Live Hidden In a traditional model, you need to somehow open your cloud...
Intercept SaaS Services with the Akamai EAA Client
I was quite fortunate to visit Tokyo for the first time last year, and it was an unforgettable experience to explore all the sights and sounds around the Ginza district and to interact with the very friendly Japanese people. It wasn't all play, though -- and I had to get some real work done as...