AbsoluteVULNRICHMENT:CVE-2024-37350CVE-2024-37350 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure Access prior to version 13.06. Attackers can
interfere with a system administrator’s use of the policy management UI when
the attacker convinces the victim administrator to follow a crafted link to the
vulnerable component while the attacking administrator is authenticated to the
console. The scope is unchanged, there is no loss of confidentiality. Impact to
system integrity is high, impact to system availability is none.
CNA Affected
[
{
"vendor": "Absolute Software",
"product": "Secure Access",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "13.06",
"versionType": "Server"
}
],
"defaultStatus": "unaffected"
}
]
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%