There is a cross-site scripting vulnerability in the Policy
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with another system
administrator’s use of the policy management UI when the administrators are
editing the same policy object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.
References
Configurations
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.5 |
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37344/ - Vendor Advisory |
06 Aug 2024, 13:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37344/ - Vendor Advisory | |
First Time |
Absolute
Absolute secure Access |
|
Summary |
|
|
CPE | cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.4 |
20 Jun 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-20 17:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37344
Mitre link : CVE-2024-37344
CVE.ORG link : CVE-2024-37344
JSON object : View
Products Affected
absolute
- secure_access
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')