Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by Akana
CVE-2024-3930 (GCVE-0-2024-3930)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:36 – Updated: 2024-09-09 20:31
VLAI
Title
XML External Entity in Akana
Summary
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:18:19.628382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:18:28.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana API Platform prior to 2024.1.0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;a flaw resulting in XML External Entity (XXE) was discovered.\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0\u00a0a flaw resulting in XML External Entity (XXE) was discovered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:31:37.770Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML External Entity in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-3930",
"datePublished": "2024-07-30T18:36:18.443Z",
"dateReserved": "2024-04-17T16:54:18.919Z",
"dateUpdated": "2024-09-09T20:31:37.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5250 (GCVE-0-2024-5250)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:29 – Updated: 2024-08-01 21:03
VLAI
Title
Overly Verbose Errors in SAML Integration
Summary
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(SEM)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:43:27.369233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:43:46.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "SEM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T18:29:11.375Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Overly Verbose Errors in SAML Integration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5250",
"datePublished": "2024-07-30T18:29:11.375Z",
"dateReserved": "2024-05-22T21:48:25.280Z",
"dateUpdated": "2024-08-01T21:03:11.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5249 (GCVE-0-2024-5249)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:23 – Updated: 2025-01-09 19:23
VLAI
Title
SAML Replay in Akana
Summary
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:49:40.520963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:23:49.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI Platform \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2024.1.0, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSAML tokens can be replayed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:32:20.470Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML Replay in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5249",
"datePublished": "2024-07-30T18:23:29.074Z",
"dateReserved": "2024-05-22T21:47:47.618Z",
"dateUpdated": "2025-01-09T19:23:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3826 (GCVE-0-2024-3826)
Vulnerability from cvelistv5 – Published: 2024-07-02 15:49 – Updated: 2024-08-14 14:14
VLAI
Title
Broken SAML Validation
Summary
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
2022.1.1 , < 2022.1.1 (CVE-2024-3826 Patch)
(semver)
Affected: 2022.1.2 , < 2022.1.2 (CVE-2024-3826 Patch) (semver) Affected: 2022.1.3 , < 2022.1.3 (CVE-2024-3826 Patch) (semver) Affected: 0.0.0 , < 2024.1.0 (sem) |
|
| akana | akana |
Affected:
2022.1.1 , < 2022.1.1 (Patch)
(semver)
Affected: 2022.1.2 , < 2022.1.2 (Patch) (semver) Affected: 2022.1.3 , < 2022.1.3 (Patch) (semver) Affected: 0.0.0 , < 2024.1.0 (semver) cpe:2.3:a:akana:akana:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:akana:akana:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "akana",
"vendor": "akana",
"versions": [
{
"lessThan": "2022.1.1 (Patch)",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2 (Patch)",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2022.1.3 (Patch)",
"status": "affected",
"version": "2022.1.3",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T17:53:57.478134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:14:05.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUAfYAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2022.1.1 (CVE-2024-3826 Patch)",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2 (CVE-2024-3826 Patch)",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2022.1.3 (CVE-2024-3826 Patch)",
"status": "affected",
"version": "2022.1.3",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "sem"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. \u0026nbsp;"
}
],
"value": "In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:53:03.158Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUAfYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken SAML Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-3826",
"datePublished": "2024-07-02T15:49:09.391Z",
"dateReserved": "2024-04-15T14:59:43.658Z",
"dateUpdated": "2024-08-14T14:14:05.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2796 (GCVE-0-2024-2796)
Vulnerability from cvelistv5 – Published: 2024-04-18 15:04 – Updated: 2024-09-17 16:00
VLAI
Title
SSRF in Akana API Platform
Summary
A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
2022.1.1 , < 2022.1.1 (CVE-2024-2796 Patch)
(semver)
Affected: 2022.1.2 , < 2022.1.2 (CVE-2024-2796 Patch) (semver) Affected: 0.0.0 , < 2024.1.0 (semver) Affected: 0.0.0 , < 2022.1.3.2 (semver) |
|
| akana | akana_api_platform |
Affected:
2022.1.1 , < 2022.1.1
(semver)
Affected: 2022.1.2 , < 2022.1.2 (semver) Affected: 2022.1.3 , < 2022.1.3 (semver) Affected: 0.0.0 , < 2024.1.0 (semver) cpe:2.3:a:akana:akana_api_platform:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001STuXYAW"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:akana:akana_api_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "akana_api_platform",
"vendor": "akana",
"versions": [
{
"lessThan": "2022.1.1",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2022.1.3",
"status": "affected",
"version": "2022.1.3",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T19:12:07.968499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:00:42.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2022.1.1 (CVE-2024-2796 Patch)",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2 (CVE-2024-2796 Patch)",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eA server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:38:32.167Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001STuXYAW"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSRF in Akana API Platform",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-2796",
"datePublished": "2024-04-18T15:04:56.099Z",
"dateReserved": "2024-03-21T18:15:09.714Z",
"dateUpdated": "2024-09-17T16:00:42.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3930 (GCVE-0-2024-3930)
Vulnerability from nvd – Published: 2024-07-30 18:36 – Updated: 2024-09-09 20:31
VLAI
Title
XML External Entity in Akana
Summary
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:18:19.628382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:18:28.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana API Platform prior to 2024.1.0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;a flaw resulting in XML External Entity (XXE) was discovered.\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0\u00a0a flaw resulting in XML External Entity (XXE) was discovered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:31:37.770Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML External Entity in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-3930",
"datePublished": "2024-07-30T18:36:18.443Z",
"dateReserved": "2024-04-17T16:54:18.919Z",
"dateUpdated": "2024-09-09T20:31:37.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5250 (GCVE-0-2024-5250)
Vulnerability from nvd – Published: 2024-07-30 18:29 – Updated: 2024-08-01 21:03
VLAI
Title
Overly Verbose Errors in SAML Integration
Summary
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(SEM)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:43:27.369233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:43:46.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "SEM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T18:29:11.375Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Overly Verbose Errors in SAML Integration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5250",
"datePublished": "2024-07-30T18:29:11.375Z",
"dateReserved": "2024-05-22T21:48:25.280Z",
"dateUpdated": "2024-08-01T21:03:11.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5249 (GCVE-0-2024-5249)
Vulnerability from nvd – Published: 2024-07-30 18:23 – Updated: 2025-01-09 19:23
VLAI
Title
SAML Replay in Akana
Summary
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:49:40.520963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:23:49.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI Platform \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2024.1.0, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSAML tokens can be replayed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:32:20.470Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML Replay in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5249",
"datePublished": "2024-07-30T18:23:29.074Z",
"dateReserved": "2024-05-22T21:47:47.618Z",
"dateUpdated": "2025-01-09T19:23:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3826 (GCVE-0-2024-3826)
Vulnerability from nvd – Published: 2024-07-02 15:49 – Updated: 2024-08-14 14:14
VLAI
Title
Broken SAML Validation
Summary
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
2022.1.1 , < 2022.1.1 (CVE-2024-3826 Patch)
(semver)
Affected: 2022.1.2 , < 2022.1.2 (CVE-2024-3826 Patch) (semver) Affected: 2022.1.3 , < 2022.1.3 (CVE-2024-3826 Patch) (semver) Affected: 0.0.0 , < 2024.1.0 (sem) |
|
| akana | akana |
Affected:
2022.1.1 , < 2022.1.1 (Patch)
(semver)
Affected: 2022.1.2 , < 2022.1.2 (Patch) (semver) Affected: 2022.1.3 , < 2022.1.3 (Patch) (semver) Affected: 0.0.0 , < 2024.1.0 (semver) cpe:2.3:a:akana:akana:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:akana:akana:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "akana",
"vendor": "akana",
"versions": [
{
"lessThan": "2022.1.1 (Patch)",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2 (Patch)",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2022.1.3 (Patch)",
"status": "affected",
"version": "2022.1.3",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T17:53:57.478134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:14:05.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUAfYAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2022.1.1 (CVE-2024-3826 Patch)",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2 (CVE-2024-3826 Patch)",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2022.1.3 (CVE-2024-3826 Patch)",
"status": "affected",
"version": "2022.1.3",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "sem"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. \u0026nbsp;"
}
],
"value": "In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:53:03.158Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUAfYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken SAML Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-3826",
"datePublished": "2024-07-02T15:49:09.391Z",
"dateReserved": "2024-04-15T14:59:43.658Z",
"dateUpdated": "2024-08-14T14:14:05.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2796 (GCVE-0-2024-2796)
Vulnerability from nvd – Published: 2024-04-18 15:04 – Updated: 2024-09-17 16:00
VLAI
Title
SSRF in Akana API Platform
Summary
A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
2022.1.1 , < 2022.1.1 (CVE-2024-2796 Patch)
(semver)
Affected: 2022.1.2 , < 2022.1.2 (CVE-2024-2796 Patch) (semver) Affected: 0.0.0 , < 2024.1.0 (semver) Affected: 0.0.0 , < 2022.1.3.2 (semver) |
|
| akana | akana_api_platform |
Affected:
2022.1.1 , < 2022.1.1
(semver)
Affected: 2022.1.2 , < 2022.1.2 (semver) Affected: 2022.1.3 , < 2022.1.3 (semver) Affected: 0.0.0 , < 2024.1.0 (semver) cpe:2.3:a:akana:akana_api_platform:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001STuXYAW"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:akana:akana_api_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "akana_api_platform",
"vendor": "akana",
"versions": [
{
"lessThan": "2022.1.1",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2022.1.3",
"status": "affected",
"version": "2022.1.3",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T19:12:07.968499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:00:42.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2022.1.1 (CVE-2024-2796 Patch)",
"status": "affected",
"version": "2022.1.1",
"versionType": "semver"
},
{
"lessThan": "2022.1.2 (CVE-2024-2796 Patch)",
"status": "affected",
"version": "2022.1.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eA server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:38:32.167Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001STuXYAW"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSRF in Akana API Platform",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-2796",
"datePublished": "2024-04-18T15:04:56.099Z",
"dateReserved": "2024-03-21T18:15:09.714Z",
"dateUpdated": "2024-09-17T16:00:42.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}