A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.
Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.
Organizations frequently use this software to create and maintain developer portals for their APIs.
Typically, an SSRF attack involves the attacker forcing the server to connect to internal services only found in the infrastructure of the company.
Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot
In different circumstances, they might be able to force the server to establish a connection with any random external systems.
Sensitive information, such as authorization credentials, can leak as a result.
This critical severity vulnerability tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.
The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability.
When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data.
This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.
It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:
It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.
Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…