There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with other system
administrator’s use of the management UI when the second administrator later
edits the same management object. This vulnerability is distinct from CVE-2024-37348 and
CVE-2024-37349. The scope is unchanged, there is no loss of confidentiality. Impact
to system integrity is high, impact to system availability is none.
References
Link | Resource |
---|---|
https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37351/ | Vendor Advisory |
Configurations
History
09 Sep 2024, 13:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.4 |
Summary |
|
|
First Time |
Absolute
Absolute secure Access |
|
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37351/ - Vendor Advisory |
20 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-20 18:15
Updated : 2024-09-09 13:14
NVD link : CVE-2024-37351
Mitre link : CVE-2024-37351
CVE.ORG link : CVE-2024-37351
JSON object : View
Products Affected
absolute
- secure_access
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')