16 matches found
CVE-2025-27706
CVE-2025-27706 is a cross-site scripting vulnerability in the managementconsole of Absolute Secure Access prior to version 13.54. Attackerswith system administrator permissions can interfere with another systemadministrator’s use of the management console when the secondadministrator visits the pag...
CVE-2024-37349
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the victim administrator editsthe same management object. T...
CVE-2024-37351
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the second administrator lateredits the same management obj...
CVE-2025-27703
CVE-2025-27703 is a privilege escalation vulnerability in the managementconsole of Absolute Secure Access prior to version 13.54. Attackerswith administrative access to a specific subset of privileged featuresin the console can elevate their permissions to access additionalfeatures in the console. ...
CVE-2024-37345
There is a cross-site scripting vulnerability in the SecureAccess administrative UI of Absolute Secure Access prior to version 13.06.Attackers can pass a limited-length script to the administrative UI which isthen stored where an administrator can access it. The scope is unchanged, thereis no loss ...
CVE-2024-37346
There is an insufficient input validation vulnerability inthe Warehouse component of Absolute Secure Access prior to 13.06. Attackerswith system administrator permissions can impair the availability of certainelements of the Secure Access administrative UI by writing invalid data to thewarehouse ov...
CVE-2024-37348
There is a cross-sitescripting vulnerability in the management UI of Absolute Secure Access prior toversion 13.06. Attackers with system administrator permissions can interferewith another system administrator’s use of the management UI when the secondadministrator later edits the same management o...
CVE-2025-27702
CVE-2025-27702 is a vulnerability in the management console of AbsoluteSecure Access prior to version 13.54. Attackers with administrativeaccess to the console and who have been assigned a certain set ofpermissions can bypass those permissions to improperly modify settings.The attack complexity is ...
CVE-2024-37344
There is a cross-site scripting vulnerability in the Policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with another systemadministrator’s use of the policy management UI when the administrators areediting the same poli...
CVE-2024-37343
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.06.Attackers with valid tunnel credentials can pass a limited-length script to theadministrative console which is then temporarily stored where an administratorusin...
CVE-2024-37347
There is a cross-site scripting vulnerability in the poolconfiguration component of the management UI of Absolute Secure Access prior to13.06. Attackers with system administrator permissions can pass a limitedlength script to be run by another administrator. The scope is unchanged, thereis no loss ...
CVE-2024-37352
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06 that allowsattackers with system administrator permissions to interfere with other systemadministrators’ use of the management UI when the second administrator accessesthe vulnerable p...
CVE-2024-37350
There is a cross-site scripting vulnerability in the policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers caninterfere with a system administrator’s use of the policy management UI whenthe attacker convinces the victim administrator to follow a crafted link to thevulnerab...
CVE-2024-40873
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the ...
CVE-2025-49081
There is an insufficient input validation vulnerability in the warehousecomponent of Absolute Secure Access prior to server version 13.55. Attackerswith system administrator permissions can impair the availability of the SecureAccess administrative UI by writing invalid data to the warehouse over t...
CVE-2025-49080
There is a memory management vulnerability in AbsoluteSecure Access server versions 9.0 to 13.54. Attackers with network access tothe server can cause a Denial of Service by sending a specially craftedsequence of packets to the server. The attack complexity is low, there are noattack requirements, ...