Advisory

Perforce Akana Community Manager Portal vulnerable to SSRF attacks

Take action: If you are using Perforce Akana Community Manager Developer Portal, it is time to update it. This is not a panic-mode patch, but it should definitely be high on the priority list.



A critical vulnerability has been discovered in the Perforce Akana Community Manager Developer Portal, which exposes organizations to server-side request forgery (SSRF) attacks. The Akana Community Manager Developer Portal is widely used by organizations to create and manage developer portals for their APIs.

The vulnerability is tracked as CVE-2024-2796 (CVSS score 9.3). Server-Side Request Forgery (SSRF) is a type of cybersecurity vulnerability that allows an attacker to send requests from a vulnerable server to other systems, which the server can access but should not. This can lead to unauthorized actions, such as accessing private APIs, interacting with internal services, or retrieving sensitive data that the server can reach but is not exposed directly to the attacker.

The affected versions of the Perforce Akana Community Manager Developer Portal include 2022.1.1, 2022.1.2, and 2022.1.3.

To address this issue, patches have been released for each affected version, labeled as CVE-2024-2796 Patch. It is highly recommended that organizations using the Akana Community Manager Developer Portal update to one of the patched versions immediately to mitigate the risk of exploitation.
