Saturday, May 4, 2024

Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

By Guru baran

A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.

Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.

Organizations frequently use this software to create and maintain developer portals for their APIs. 

Typically, an SSRF attack involves the attacker forcing the server to connect to internal services only found in the infrastructure of the company. 

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

In different circumstances, they might be able to force the server to establish a connection with any random external systems.

Sensitive information, such as authorization credentials, can leak as a result.

SSRF in Akana Community Manager Developer Portal

This critical severity vulnerability tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.

The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability. 

When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data. 

This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.

Affected Software Versions

It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:

  • 2022.1.1 
  • 2022.1.2 
  • 2022.1.3

Patches Released

  • 2022.1.1 (CVE-2024-2796 Patch) 
  • 2022.1.2 (CVE-2024-2796 Patch) 
  • 2022.1.3 (CVE-2024-2796 Patch)

It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP

Managed WAF Protection

Website

Latest articles

Cyber Crime

Ex-Cybersecurity Consultant Jailed For Trading Confidential Data

Vincent Cannady, a professional who used to work as a consultant in the cybersecurity...
cyber security

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request...
cyber security

Hackers Exploit Microsoft Graph API For C&C Communications

An emerging threat leverages Microsoft's Graph API to facilitate command-and-control (C&C) communications through Microsoft...
cyber security

ApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions

Apache ActiveMQ is a Java based communication management tool for communicating with multiple components...
cyber security

68% of Data Breach Occurs Due to Social Engineering Attacks

In the latest edition of Verizon's Data Breach Investigations Report (DBIR) for 2024, a...
cyber security

U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers

The United States government has issued a stark warning about a new wave of...
Cisco

Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack

Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]