Absolute Security Vulnerabilities
Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privil...
6.7CVSS
6.8AI Score
0.0004EPSS
The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, inde...
6.7CVSS
6.6AI Score
0.0004EPSS
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskR...
4.1CVSS
4.2AI Score
0.0004EPSS
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamical...
8.8CVSS
8.5AI Score
0.001EPSS
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.06.Attackers with valid tunnel credentials can pass a limited-length script to theadministrative console which is then temporarily stored where an administratorusin...
5.4CVSS
4.9AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the Policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with another systemadministrator’s use of the policy management UI when the administrators areediting the same poli...
4.5CVSS
4.5AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the SecureAccess administrative UI of Absolute Secure Access prior to version 13.06.Attackers can pass a limited-length script to the administrative UI which isthen stored where an administrator can access it. The scope is unchanged, thereis no loss ...
5.4CVSS
5AI Score
0.0005EPSS
There is an insufficient input validation vulnerability inthe Warehouse component of Absolute Secure Access prior to 13.06. Attackerswith system administrator permissions can impair the availability of certainelements of the Secure Access administrative UI by writing invalid data to thewarehouse ov...
4.9CVSS
5.2AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the poolconfiguration component of the management UI of Absolute Secure Access prior to13.06. Attackers with system administrator permissions can pass a limitedlength script to be run by another administrator. The scope is unchanged, thereis no loss ...
4.5CVSS
4.5AI Score
0.0004EPSS
There is a cross-sitescripting vulnerability in the management UI of Absolute Secure Access prior toversion 13.06. Attackers with system administrator permissions can interferewith another system administrator’s use of the management UI when the secondadministrator later edits the same management o...
4.5CVSS
4.5AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the victim administrator editsthe same management object. T...
4.5CVSS
4.3AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers caninterfere with a system administrator’s use of the policy management UI whenthe attacker convinces the victim administrator to follow a crafted link to thevulnerab...
6.5CVSS
6AI Score
0.0005EPSS
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the second administrator lateredits the same management obj...
4.5CVSS
4.3AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06 that allowsattackers with system administrator permissions to interfere with other systemadministrators’ use of the management UI when the second administrator accessesthe vulnerable p...
4.5CVSS
4.4AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the ...
4.5CVSS
4.5AI Score
0.0004EPSS