Lucene search

K

20 matches found

CVE
CVE
added 2025/05/28 9:15 p.m.59 views

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the managementconsole of Absolute Secure Access prior to version 13.54. Attackerswith system administrator permissions can interfere with another systemadministrator’s use of the management console when the secondadministrator visits the pag...

4.6CVSS5.9AI score0.00032EPSS
CVE
CVE
added 2024/06/20 6:15 p.m.50 views

CVE-2024-37349

There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the victim administrator editsthe same management object. T...

4.5CVSS4AI score0.00282EPSS
CVE
CVE
added 2024/06/20 6:15 p.m.50 views

CVE-2024-37351

There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the second administrator lateredits the same management obj...

4.5CVSS4AI score0.00282EPSS
CVE
CVE
added 2025/05/28 9:15 p.m.50 views

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the managementconsole of Absolute Secure Access prior to version 13.54. Attackerswith administrative access to a specific subset of privileged featuresin the console can elevate their permissions to access additionalfeatures in the console. ...

7CVSS6.6AI score0.0004EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.49 views

CVE-2024-37345

There is a cross-site scripting vulnerability in the SecureAccess administrative UI of Absolute Secure Access prior to version 13.06.Attackers can pass a limited-length script to the administrative UI which isthen stored where an administrator can access it. The scope is unchanged, thereis no loss ...

5.4CVSS5AI score0.00296EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.49 views

CVE-2024-37346

There is an insufficient input validation vulnerability inthe Warehouse component of Absolute Secure Access prior to 13.06. Attackerswith system administrator permissions can impair the availability of certainelements of the Secure Access administrative UI by writing invalid data to thewarehouse ov...

4.9CVSS5.1AI score0.00124EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.48 views

CVE-2024-37348

There is a cross-sitescripting vulnerability in the management UI of Absolute Secure Access prior toversion 13.06. Attackers with system administrator permissions can interferewith another system administrator’s use of the management UI when the secondadministrator later edits the same management o...

4.5CVSS4.1AI score0.00282EPSS
CVE
CVE
added 2025/05/28 9:15 p.m.48 views

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of AbsoluteSecure Access prior to version 13.54. Attackers with administrativeaccess to the console and who have been assigned a certain set ofpermissions can bypass those permissions to improperly modify settings.The attack complexity is ...

6.9CVSS6.7AI score0.00031EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.45 views

CVE-2024-37344

There is a cross-site scripting vulnerability in the Policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with another systemadministrator’s use of the policy management UI when the administrators areediting the same poli...

4.5CVSS4.1AI score0.00186EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.42 views

CVE-2024-37343

There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.06.Attackers with valid tunnel credentials can pass a limited-length script to theadministrative console which is then temporarily stored where an administratorusin...

5.4CVSS4.9AI score0.00621EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.42 views

CVE-2024-37347

There is a cross-site scripting vulnerability in the poolconfiguration component of the management UI of Absolute Secure Access prior to13.06. Attackers with system administrator permissions can pass a limitedlength script to be run by another administrator. The scope is unchanged, thereis no loss ...

4.5CVSS4.1AI score0.00282EPSS
CVE
CVE
added 2024/06/20 6:15 p.m.41 views

CVE-2024-37352

There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06 that allowsattackers with system administrator permissions to interfere with other systemadministrators’ use of the management UI when the second administrator accessesthe vulnerable p...

4.5CVSS4.1AI score0.00282EPSS
CVE
CVE
added 2024/06/20 6:15 p.m.39 views

CVE-2024-37350

There is a cross-site scripting vulnerability in the policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers caninterfere with a system administrator’s use of the policy management UI whenthe attacker convinces the victim administrator to follow a crafted link to thevulnerab...

6.5CVSS5.1AI score0.00536EPSS
CVE
CVE
added 2024/07/25 6:15 p.m.38 views

CVE-2024-40873

There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the ...

4.5CVSS4.5AI score0.00167EPSS
CVE
CVE
added 2025/06/12 6:15 p.m.36 views

CVE-2025-49081

There is an insufficient input validation vulnerability in the warehousecomponent of Absolute Secure Access prior to server version 13.55. Attackerswith system administrator permissions can impair the availability of the SecureAccess administrative UI by writing invalid data to the warehouse over t...

6.9CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2025/06/12 5:15 p.m.35 views

CVE-2025-49080

There is a memory management vulnerability in AbsoluteSecure Access server versions 9.0 to 13.54. Attackers with network access tothe server can cause a Denial of Service by sending a specially craftedsequence of packets to the server. The attack complexity is low, there are noattack requirements, ...

8.7CVSS7AI score0.00063EPSS
CVE
CVE
added 2025/07/31 12:15 a.m.7 views

CVE-2025-49083

CVE-2025-49083 is a vulnerability in the management consoleof Absolute Secure Access after version 12.00 and prior to version 13.56.Attackers with administrative access to the console can cause unsafe content tobe deserialized and executed in the security context of the console. The attackcomplexit...

7.2CVSS6.5AI score0.00155EPSS
CVE
CVE
added 2025/07/31 12:15 a.m.6 views

CVE-2025-49082

CVE-2025-49082 is a vulnerability in the management consoleof Absolute Secure Access prior to version 13.56. Attackers with administrativeaccess to the console and who have been assigned a certain set of permissionscan bypass those permissions to improperly read other settings. The attackcomplexity...

5.1CVSS6.5AI score0.00026EPSS
CVE
CVE
added 2025/07/31 12:15 a.m.6 views

CVE-2025-49084

CVE-2025-49084 is a vulnerability in the management consoleof Absolute Secure Access prior to version 13.56. Attackers with administrativeaccess can overwrite policy rules without the requisite permissions. The attackcomplexity is low, attack requirements are present, privileges required arehigh an...

9.1CVSS6.5AI score0.00041EPSS
CVE
CVE
added 2025/07/31 12:15 a.m.5 views

CVE-2025-54085

CVE-2025-54085 is a vulnerability in the management consoleof Absolute Secure Access prior to version 13.56. Attackers with administrativeaccess to the console and who have been assigned a certain set of permissionscan bypass those permissions to improperly read or change other settings. Theattack ...

5.1CVSS6.5AI score0.00026EPSS