Categories: Cyber Attackcyber securityCyber Security News

Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

Critical Flaw with Popular API Portal Let Attackers Launch SSRF AttacksCritical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks

A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.

Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.

Organizations frequently use this software to create and maintain developer portals for their APIs. 

Typically, an SSRF attack involves the attacker forcing the server to connect to internal services only found in the infrastructure of the company. 

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

In different circumstances, they might be able to force the server to establish a connection with any random external systems.

Sensitive information, such as authorization credentials, can leak as a result.

SSRF in Akana Community Manager Developer Portal

This critical severity vulnerability tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.

The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability. 

When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data. 

This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.

Affected Software Versions

It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:

  • 2022.1.1
  • 2022.1.2
  • 2022.1.3

Patches Released

  • 2022.1.1 (CVE-2024-2796 Patch)
  • 2022.1.2 (CVE-2024-2796 Patch)
  • 2022.1.3 (CVE-2024-2796 Patch)

It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: cyber securityCyber Security News
12 months ago

Recent Posts

Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans

The Sekoia TDR (Threat Detection & Research) team has reported on a sophisticated network infrastructure…

7 hours ago

Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft

The Socket Threat Research Team has unearthed a trio of malicious packages, two hosted on…

7 hours ago

Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload

Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into unsuspecting…

9 hours ago

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge…

9 hours ago

Criminal IP to Showcase Advanced Threat Intelligence at RSAC™ 2025

Joining Criminal IP at Booth S-634 | South Expo, Moscone Center | April 28 –…

9 hours ago

TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands

Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers…

10 hours ago