11 matches found
CVE-2024-37349
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the victim administrator editsthe same management object. T...
CVE-2024-37351
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with other systemadministrator’s use of the management UI when the second administrator lateredits the same management obj...
CVE-2024-37345
There is a cross-site scripting vulnerability in the SecureAccess administrative UI of Absolute Secure Access prior to version 13.06.Attackers can pass a limited-length script to the administrative UI which isthen stored where an administrator can access it. The scope is unchanged, thereis no loss ...
CVE-2024-37346
There is an insufficient input validation vulnerability inthe Warehouse component of Absolute Secure Access prior to 13.06. Attackerswith system administrator permissions can impair the availability of certainelements of the Secure Access administrative UI by writing invalid data to thewarehouse ov...
CVE-2024-37348
There is a cross-sitescripting vulnerability in the management UI of Absolute Secure Access prior toversion 13.06. Attackers with system administrator permissions can interferewith another system administrator’s use of the management UI when the secondadministrator later edits the same management o...
CVE-2024-37344
There is a cross-site scripting vulnerability in the Policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers withsystem administrator permissions can interfere with another systemadministrator’s use of the policy management UI when the administrators areediting the same poli...
CVE-2024-37343
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.06.Attackers with valid tunnel credentials can pass a limited-length script to theadministrative console which is then temporarily stored where an administratorusin...
CVE-2024-37347
There is a cross-site scripting vulnerability in the poolconfiguration component of the management UI of Absolute Secure Access prior to13.06. Attackers with system administrator permissions can pass a limitedlength script to be run by another administrator. The scope is unchanged, thereis no loss ...
CVE-2024-37352
There is a cross-site scripting vulnerability in themanagement UI of Absolute Secure Access prior to version 13.06 that allowsattackers with system administrator permissions to interfere with other systemadministrators’ use of the management UI when the second administrator accessesthe vulnerable p...
CVE-2024-37350
There is a cross-site scripting vulnerability in the policymanagement UI of Absolute Secure Access prior to version 13.06. Attackers caninterfere with a system administrator’s use of the policy management UI whenthe attacker convinces the victim administrator to follow a crafted link to thevulnerab...
CVE-2024-40873
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the ...