Jun 20, 2024 - 4:56 p.m.

CVE-2024-37347 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

2024-06-20 16:56:50
CWE-79
Absolute
www.cve.org
cve-2024-37347
cross-site scripting
absolute secure access
administrative console
13.06
management ui
system administrator permissions
limited length script
system integrity

CVSS3: 4.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.0004 Low
Percentile: 9.1%

There is a cross-site scripting vulnerability in the pool
configuration component of the management UI of Absolute Secure Access prior to
13.06. Attackers with system administrator permissions can pass a
limited-length script to be run by another administrator. The scope is
unchanged and there is no loss of confidentiality. Impact to system integrity
is high; impact to system availability is none.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Access",
    "vendor": "Absolute Software",
    "versions": [
      {
        "lessThan": "13.06",
        "status": "affected",
        "version": "0",
        "versionType": "Server"
      }
    ]
  }
]
