39 matches found
CVE-2025-27706
CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access before version 13.54. Attackers with system administrator permissions can interfere with another admin’s use of the console. The issue is due to improper handling of input in the management ...
CVE-2025-27703
CVE-2025-27703 affects Absolute Secure Access prior to version 13.54, with a privilege-escalation in the management console. Attackers with administrative access to a subset of privileged features can elevate permissions to access additional console features. Reported impacts: confidentiality low...
CVE-2024-37345
CVE-2024-37345: Absolute Secure Access (Secure Access admin UI) prior to 13.06 has a stored cross‑site scripting vulnerability. An attacker can pass a limited‑length script to the admin UI, which is stored where an administrator can access it. Impact: confidentiality: Low; integrity: High; avail...
CVE-2024-37346
CVE-2024-37346 affects Absolute Secure Access (Warehouse component) prior to version 13.06. Root cause is insufficient input validation in the Warehouse when data is written to it over the network. Attackers with system administrator permissions can impair the availability of elements in the Secu...
CVE-2024-37349
CVE-2024-37349 describes a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. The issue allows attackers with system administrator permissions to interfere with other admins’ UI usage when the second administrator edits the same management ob...
CVE-2024-37348
Absolute Secure Access vulnerability CVE-2024-37348/37349/37351 affects the management UI prior to version 13.06. The issue is cross-site scripting where attackers with system administrator permissions can interfere with another admin’s use when the second admin edits the same management object. ...
CVE-2025-27702
CVE-2025-27702 affects Absolute Secure Access prior to 13.54. The vulnerability is a permissions bypass in the management console that allows attackers with administrative access (and a specific permission set) to bypass restrictions and improperly modify settings. It has low attack complexity, r...
CVE-2024-37344
CVE-2024-37344 is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access before version 13.06. The issue can be exploited by attackers who already have system administrator permissions to interfere with another admin’s use when editing the same policy object. R...
CVE-2024-37351
CVE-2024-37351 is a cross-site scripting vulnerability in the Absolute Secure Access management UI prior to version 13.06. Affected component is the management UI; root cause is an XSS flaw that allows a second administrator to interfere with another administrator’s use when editing the same mana...
CVE-2024-37343
CVE-2024-37343 describes a cross-site scripting vulnerability in the Absolute Secure Access administrative console (prior to version 13.06). Attackers with valid tunnel credentials can pass a limited-length script to the console, which is temporarily stored and could be triggered when an administ...
CVE-2024-37347
CVE-2024-37347 describes a cross-site scripting vulnerability in the pool configuration component of the Absolute Secure Access management UI prior to version 13.06. Attackers with system administrator permissions can pass a limited-length script to be executed by another administrator. The vulne...
CVE-2024-40873
CVE-2024-40873 affects Absolute Secure Access prior to version 13.07, specifically the Secure Access administrative console. The vulnerability is a cross-site scripting issue where attackers with system administrator permissions can interfere with another admin’s publishing UI while editing the s...
CVE-2024-37350
CVE-2024-37350 affects Absolute Secure Access’ policy management UI prior to version 13.06. The vulnerability is a cross-site scripting flaw in the UI component that allows an attacker to interfere with an administrator’s use when a victim user follows a crafted link while authenticated. Impact i...
CVE-2024-37352
There is a concrete vulnerability: CVE-2024-37352, a cross-site scripting flaw in the management UI of Absolute Secure Access prior to version 13.06. The issue allows attackers with system administrator permissions to interfere with other admins’ use of the management UI when the second administr...
CVE-2025-49081
CVE-2025-49081 is an input-validation flaw in the warehouse component of Absolute Secure Access, prior to server version 13.55. Attackers with system administrator privileges can impair the availability of the Secure Access administrative UI by sending invalid data over the network. No confidenti...
CVE-2025-49080
Absolute Secure Access server versions 9.0–13.54 contain a memory management vulnerability that can be exploited remotely to cause a Denial of Service. The issue allows a low-complexity, network-based attack requiring no privileges or user interaction, with high availability impact (no confidenti...
CVE-2025-49082
CVE-2025-49082 affects the management console of Absolute Secure Access, prior to version 13.56. The vulnerability allows attackers who have administrative access and a specific set of permissions to bypass permission checks and read other settings. According to the provided documents, attack com...
CVE-2025-49083
CVE-2025-49083 describes a data deserialization vulnerability in the management console of Absolute Secure Access (versions 12.00 up to 13.55). With high privileges and no user interaction, an attacker with administrative console access can deserialize and execute unsafe content in the console’s...
CVE-2025-49084
CVE-2025-49084 affects Absolute Secure Access management console prior to version 13.56. An administrator can overwrite policy rules without permissions due to a privilege-bypass issue (low integrity impact). Initial and connected sources describe high subsequent-system impact on confidentiality ...
CVE-2025-54085
CVE-2025-54085 is a privilege-escalation vulnerability in the management console of Absolute Secure Access prior to 13.56. Attackers with administrative access and a specific permission set can bypass permissions to read or change other settings. The issue is characterized by low impact to confid...
CVE-2026-0517
CVE-2026-0517: A denial-of-service flaw in Secure Access Server prior to 14.20 allows an attacker to crash the server by sending a specially crafted packet. Affected: Secure Access Server versions
CVE-2025-59595
CVE-2025-59595 is a denial-of-service vulnerability in Secure Access versions prior to 14.12. An attacker can send a specially crafted packet to a server configured in a non-default way, causing the server to crash. Affected software/functionality: Secure Access (before 14.12). Root cause: descri...
CVE-2025-59596
CVE-2025-59596 is a denial-of-service vulnerability in the Secure Access Windows client, affecting versions 12.0–14.10. When a local networking policy is active, a crafted packet sent from an adjacent network may cause the client to crash. The vulnerability is addressed in version 14.12. The CVSS...
CVE-2026-0519
CVE-2026-0519: In Secure Access 12.70 and earlier than 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. This could allow any party with access to those logs to read the token and reuse it to access an integrated system. The provided ...
CVE-2026-33452
CVE-2026-33452 describes a buffer overflow in the Secure Access Windows client prior to version 14.50. The vulnerability allows an attacker with local control of the Windows client to trigger a blue screen, with potential impact to availability (per CVSS: LOCAL, low attack complexity, no privileg...
CVE-2025-54088
Open redirect vulnerability CVE-2025-54088 affects Secure Access prior to version 14.10. An attacker with console access can redirect victims to an arbitrary URL. Exploitation is low complexity and requires user participation, with low confidentiality impact locally and higher potential impact on...
CVE-2025-54086
CVE-2025-54086 affects Absolute Secure Access, Warehouse component, prior to version 14.10. The vulnerability is an excess-permissions issue enabling attackers with local file-system access to read the Java keystore file. Severity: CVSS 3.1 Base 3.3 (LOW) to CVSS 4.0 Base 5.3 (MEDIUM) depending o...
CVE-2026-0518
CVE-2026-0518 is described across multiple sources as a cross-site scripting vulnerability in Secure Access prior to version 14.20. The issue allows an administrator to interfere with another administrator’s use of the console. The available documents indicate a low to moderate impact: confidenti...
CVE-2026-33446
CVE-2026-33446 describes a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. An attacker-controlled server can send a special packet that overwrites memory, potentially causing memory corruption or denial of service. Affected component: authentication su...
CVE-2025-54089
CVE-2025-54089 affects Ivanti Secure Access Client prior to version 14.10. The issue is described as a cross-site scripting vulnerability that allows attackers with console administrative access to interfere with another administrator’s access. The attack has low complexity, requires high privile...
CVE-2026-33447
CVE-2026-33447 is a buffer overflow in the Secure Access client’s message parsing function prior to 14.50. An attacker able to control a modified server can send a crafted packet to overwrite a small portion of memory, potentially causing memory corruption or denial of service. Remediation: upgra...
CVE-2026-33449
CVE-2026-33449 describes a buffer overflow in a message handling function of the Secure Access client prior to 14.50. The vulnerability allows an attacker-controlled, cryptographically valid message from a modified server to overwrite a small portion of memory, potentially causing a denial of ser...
CVE-2026-33450
CVE-2026-33450 is an out-of-bounds read vulnerability affecting the Secure Access macOS client prior to 14.50. According to Red Hat and PT Security, attackers under control of a modified server can send a malformed packet to the client, causing a denial of service. The PT Security advisory explic...
CVE-2025-54087
CVE-2025-54087 describes a server-side request forgery in Ivanti Secure Access prior to version 14.10. The vulnerability allows administrators to publish a crafted HTTP request originating from the Secure Access server, with attack complexity high, no required user interaction beyond administrati...
CVE-2026-33448
CVE-2026-33448 describes a format-string vulnerability in the macOS Secure Access client logging subsystem prior to 14.50. By controlling a modified server, an attacker can cause the client to dump a small portion of memory to log files, potentially exposing secrets. Affected product: Secure Acce...
CVE-2026-40951
CVE-2026-40951 is a memory corruption vulnerability affecting Secure Access Windows clients prior to version 14.50. According to the description, adversaries with local control of the Windows client can send malformed data to an API, triggering a denial of service. The CVE notes a local attack ve...
CVE-2026-40949
CVE-2026-40949 affects the Secure Access Windows client (prior to version 14.50). The vulnerability is a buffer overflow in the Windows client component that attackers could exploit when they have local control of the host. The documented impact is a denial of service, with the CVSS 4.0 base scor...
CVE-2026-40950
CVE-2026-40950 is a buffer overflow in the Secure Access server prior to 14.50. The vulnerability can be triggered when an attacker in control of a modified client sends a specially crafted message to the server, leading to denial of service. The assessed CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N/VC:N...
CVE-2026-33451
CVE-2026-33451: An arbitrary read/write vulnerability exists in the Secure Access Windows client prior to version 14.50. With local control of the Windows client, an attacker can send malformed data to a documented API and elevate privileges to SYSTEM. The connected documents confirm the affecte...