There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.07.
Attackers with system administrator permissions can interfere with another
system administrator’s use of the publishing UI when the administrators are
editing the same management object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.
References
Configurations
History
21 Nov 2024, 09:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.5 |
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1307/cve-2024-40873/ - Vendor Advisory |
02 Aug 2024, 19:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.4 |
First Time |
Absolute
Absolute secure Access |
|
References | () https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1307/cve-2024-40873/ - Vendor Advisory |
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 18:15
Updated : 2024-11-21 09:31
NVD link : CVE-2024-40873
Mitre link : CVE-2024-40873
CVE.ORG link : CVE-2024-40873
JSON object : View
Products Affected
absolute
- secure_access
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')