5093 matches found
CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...
CVE-2024-37352
There is a concrete vulnerability: CVE-2024-37352, a cross-site scripting flaw in the management UI of Absolute Secure Access prior to version 13.06. The issue allows attackers with system administrator permissions to interfere with other admins’ use of the management UI when the second administr...
CVE-2024-37351 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same manageme...
CVE-2024-37351 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same manageme...
CVE-2024-37350
CVE-2024-37350 affects Absolute Secure Access’ policy management UI prior to version 13.06. The vulnerability is a cross-site scripting flaw in the UI component that allows an attacker to interfere with an administrator’s use when a victim user follows a crafted link while authenticated. Impact i...
CVE-2024-37348
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
CVE-2024-37349 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...
CVE-2024-37348 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
CVE-2024-37348
Absoulte Secure Access vulnerability CVE-2024-37348/37349/37351 affects the management UI prior to version 13.06. The issue is cross-site scripting where attackers with system administrator permissions can interfere with another admin’s use when the second admin edits the same management object. ...
CVE-2024-37348 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
CVE-2024-37347 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no...
CVE-2024-37347
CVE-2024-37347 describes a cross-site scripting vulnerability in the pool configuration component of the Absolute Secure Access management UI prior to version 13.06. Attackers with system administrator permissions can pass a limited-length script to be executed by another administrator. The vulne...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.06 that stems from insufficient validation of input. An attacker exploitin...
BIT-KIBANA-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
BIT-ELK-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279
Summary (CVE-2024-37279) : Kibana contains a flaw in the alerting run_soon API that allows view-only alerting users to keep an alert rule running, potentially impacting system availability when complex queries run. Affected versions cited across sources include Kibana 8.6.3 through 8.13.4. The vu...