Lucene search

AbsoluteCVE-2024-37347

HistoryJun 20, 2024 - 5:15 p.m.

CVE-2024-37347

2024-06-2017:15:51

CWE-79

Absolute

web.nvd.nist.gov

cross-site scripting

absolute secure access

management ui

system integrity

system availability

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

14.5%

JSON

There is a cross-site scripting vulnerability in the pool
configuration component of the management UI of Absolute Secure Access prior to
13.06. Attackers with system administrator permissions can pass a limited
length script to be run by another administrator. The scope is unchanged, there
is no loss of confidentiality. Impact to system integrity is high, impact to
system availability is none.

Affected configurations

Nvd

Node

absolutesecure_accessRange<13.06

VendorProductVersionCPE
absolutesecure_access*cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
absolute	secure_access	*	cpe:2.3:a:absolute:secure_access::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Access",
    "vendor": "Absolute Software",
    "versions": [
      {
        "lessThan": "13.06",
        "status": "affected",
        "version": "0",
        "versionType": "Server"
      }
    ]
  }
]

References

www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37347/

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

14.5%

JSON

Related for CVE-2024-37347