There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06 that allows
attackers with system administrator permissions to interfere with other system
administrators’ use of the management UI when the second administrator accesses
the vulnerable page. The scope is unchanged, there is no loss of
confidentiality. Impact to system integrity is high, impact to system
availability is none.
References
Configurations
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.5 |
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37352/ - Vendor Advisory |
09 Sep 2024, 13:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.4 |
Summary |
|
|
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37352/ - Vendor Advisory | |
CPE | cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* | |
First Time |
Absolute
Absolute secure Access |
20 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-20 18:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37352
Mitre link : CVE-2024-37352
CVE.ORG link : CVE-2024-37352
JSON object : View
Products Affected
absolute
- secure_access
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')