History: Jun 20, 2024 - 4:56 p.m.

CVE-2024-37347 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

2024-06-20 16:56:50
CWE-79
Absolute
github.com
cve-2024-37347
cross-site scripting
absolute secure access
administrative console
management ui
system integrity
system availability

CVSS3: 4.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

AI Score: 6.1
Confidence: High

EPSS: 0
Percentile: 14.5%

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited-length script to be run by another administrator. The scope is unchanged; there is no loss of confidentiality. Impact to system integrity is high; impact to system availability is none.

CNA Affected

[
  {
    "vendor": "Absolute Software",
    "product": "Secure Access",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "13.06",
        "versionType": "Server"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
