Wednesday, February 12, 2025
Follow us On Linkedin
HomeCyber AttackCritical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

Cyber Attackcyber securityCyber Security News

Published on

By Gurubaran
Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.

Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.

Organizations frequently use this software to create and maintain developer portals for their APIs. 

Typically, an SSRF attack involves the attacker forcing the server to connect to internal services only found in the infrastructure of the company. 

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

In different circumstances, they might be able to force the server to establish a connection with any random external systems.

Sensitive information, such as authorization credentials, can leak as a result.

SSRF in Akana Community Manager Developer Portal

This critical severity vulnerability tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.

The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability. 

When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data. 

This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.

Affected Software Versions

It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:

  • 2022.1.1 
  • 2022.1.2 
  • 2022.1.3

Patches Released

  • 2022.1.1 (CVE-2024-2796 Patch) 
  • 2022.1.2 (CVE-2024-2796 Patch) 
  • 2022.1.3 (CVE-2024-2796 Patch)

It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chrome

Google Chrome’s Safe Browsing Now Protects 1 Billion Users Worldwide

Google's Safe Browsing technology now ensures enhanced protection for over 1 billion Chrome users...
CVE/vulnerability

Critical Ivanti CSA Vulnerability Allows Attackers Remote Code Execution to Gain Restricted Access

A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially...
CVE/vulnerability

Critical OpenSSL Vulnerability Let Attackers Launch Man-in-the-Middle Attacks

A high-severity security vulnerability (CVE-2024-12797) has been identified in OpenSSL, one of the most...
CVE/vulnerability

Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access

Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Chrome

Google Chrome’s Safe Browsing Now Protects 1 Billion Users Worldwide

Google's Safe Browsing technology now ensures enhanced protection for over 1 billion Chrome users...
CVE/vulnerability

Critical Ivanti CSA Vulnerability Allows Attackers Remote Code Execution to Gain Restricted Access

A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially...
CVE/vulnerability

Critical OpenSSL Vulnerability Let Attackers Launch Man-in-the-Middle Attacks

A high-severity security vulnerability (CVE-2024-12797) has been identified in OpenSSL, one of the most...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved