Akamai App & API Protector WAF Bypass Vulnerability in Application Security Edge

Vulnerability

A vulnerability exists in Akamai App & API Protector (with Akamai ASE) in Rule 3000216 (prior to version 2) that allows for a WAF bypass. This issue arises because the rule does not properly account for JavaScript variable assignments to built-in functions and properties, leading to potential exploitation such as reflected cross-site scripting.

Impact

Exploitation of this vulnerability could lead to a bypass of web application firewall (WAF) protections, allowing malicious payloads to be processed by the application. This could be exploited to perform reflected cross-site scripting, where an attacker could inject malicious scripts that are executed in the context of the user's browser.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Akamai App & API Protector WAF Bypass Vulnerability in Application Security Edge

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating