Monday, May 5, 2025
HomeCyber AttackCritical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

Published on

SIEM as a Service

Follow Us on Google News

A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.

Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.

Organizations frequently use this software to create and maintain developer portals for their APIs. 

- Advertisement - Google News

Typically, an SSRF attack involves the attacker forcing the server to connect to internal services only found in the infrastructure of the company. 

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

In different circumstances, they might be able to force the server to establish a connection with any random external systems.

Sensitive information, such as authorization credentials, can leak as a result.

SSRF in Akana Community Manager Developer Portal

This critical severity vulnerability tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.

The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability. 

When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data. 

This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.

Affected Software Versions

It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:

  • 2022.1.1 
  • 2022.1.2 
  • 2022.1.3

Patches Released

  • 2022.1.1 (CVE-2024-2796 Patch) 
  • 2022.1.2 (CVE-2024-2796 Patch) 
  • 2022.1.3 (CVE-2024-2796 Patch)

It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials

The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked...

LUMMAC.V2 Stealer Uses ClickFix Technique to Deceive Users into Executing Malicious Commands

The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials

The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked...