CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the managementconsole of Absolute Secure Access prior to version 13.54. Attackerswith system administrator permissions can interfere with another systemadministrator’s use of the management console when the secondadministrator visits the pag...

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the managementconsole of Absolute Secure Access prior to version 13.54. Attackerswith administrative access to a specific subset of privileged featuresin the console can elevate their permissions to access additionalfeatures in the console. ...

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of AbsoluteSecure Access prior to version 13.54. Attackers with administrativeaccess to the console and who have been assigned a certain set ofpermissions can bypass those permissions to improperly modify settings.The attack complexity is ...

CVE-2025-49081

There is an insufficient input validation vulnerability in the warehousecomponent of Absolute Secure Access prior to server version 13.55. Attackerswith system administrator permissions can impair the availability of the SecureAccess administrative UI by writing invalid data to the warehouse over t...

CVE-2025-49080

There is a memory management vulnerability in AbsoluteSecure Access server versions 9.0 to 13.54. Attackers with network access tothe server can cause a Denial of Service by sending a specially craftedsequence of packets to the server. The attack complexity is low, there are noattack requirements, ...