Akamai EAA Impersonation Vulnerability - A Deep Dive

Akamai·Akamai·about 1 month ago

In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the impact to EAA customers and actions required, please see our companion report.

Overview

In this section, we will walk you through the history and anatomy of this vulnerability. Some readers may wish to skip this section for now and go directly to the Actions Required section, using this Overview for reference in any assessments that they need to conduct or for future reviews.

Prior to Akamai's acquisition of the EAA technology through its acquisition of Soha Systems in 2016, a key feature was introduced to the platform allowing customers of the platform to make access control and authentication decisions based on identity information provided by a third-party identity provider.…
