This post covers the details of CVE-2021-40683 (CVSS 6.5), the vulnerability impacting the Akamai Enterprise Application Access (EAA) Client running on Windows systems, for which Akamai has provided a patch to its customers.

On August 31, 2021, Akamai was notified by a customer conducting an assessment of the EAA Client application that they had identified an unquoted service path vulnerability introduced when installing the client on an endpoint. Upon reviewing the report, Akamai initiated its incident management process to verify the report, create a fixed version of the EAA Client, and communicate the need for patching to its customers. Details about the vulnerability, the potential impact on clients, and the remediation process are covered in the remainder of this post.

Vulnerability overview

The vulnerability identified in the EAA Client is known as an unquoted service path or a path interception by unquoted path vulnerability.…
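
A defensive audit for this class of issue, as an added example (not code from Akamai's post or from the EAA Client): it parses Windows service ImagePath values and reports those whose executable path contains a space but is not wrapped in quotes, together with the quoted form to set instead. The service names and paths are constructed samples; on a real endpoint the values would come from each service's ImagePath under HKLM\SYSTEM\CurrentControlSet\Services.

```python
import re

# Executable part of an unquoted ImagePath: the shortest prefix ending in
# ".exe" that is followed by whitespace or the end of the string.
_EXE = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service ImagePath value."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:  # unbalanced quote: treat the remainder as the path
            return value[1:], "", True
        return value[1:end], value[end + 1:].strip(), True
    m = _EXE.match(value)
    if m:
        return m.group(1), value[m.end():].strip(), False
    # No ".exe" present (for example a .sys driver entry): take the first token.
    exe, _, args = value.partition(" ")
    return exe, args.strip(), False

def audit(services):
    """Report services whose executable path has a space and no quotes."""
    findings = []
    for name, image_path in sorted(services.items()):
        exe, args, quoted = split_image_path(image_path)
        # Spaces in the arguments are harmless; only the executable path counts.
        if not quoted and " " in exe:
            fixed = f'"{exe}"' + (f" {args}" if args else "")
            findings.append({"service": name, "image_path": image_path,
                             "suggested": fixed})
    return findings

# Constructed sample data: hypothetical service names and paths.
SAMPLE = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\agent.exe --service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "ExampleSvchost": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
    "ExampleArgsOnly": r"C:\Tools\svc.exe --config C:\Program Files\Example Vendor\svc.ini",
}

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['service']}: {f['image_path']}\n  suggested: {f['suggested']}")
```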