There is a cross-site
scripting vulnerability in the management UI of Absolute Secure Access prior to
version 13.06. Attackers with system administrator permissions can interfere
with another system administrator’s use of the management UI when the second
administrator later edits the same management object. This vulnerability is
distinct from CVE-2024-37349 and CVE-2024-37351. The scope is unchanged,
there is no loss of confidentiality. Impact to system integrity is high, impact
to system availability is none.
References
Configurations
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.5 |
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37348/ - Vendor Advisory |
07 Aug 2024, 16:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37348/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.4 |
Summary |
|
|
First Time |
Absolute
Absolute secure Access |
|
CPE | cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* |
20 Jun 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-20 17:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37348
Mitre link : CVE-2024-37348
CVE.ORG link : CVE-2024-37348
JSON object : View
Products Affected
absolute
- secure_access
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')