Lucene search

AbsoluteCVELIST:CVE-2024-40873

HistoryJul 25, 2024 - 5:19 p.m.

CVE-2024-40873 XSS in Secure Access administrative console

2024-07-2517:19:28

CWE-79

Absolute

www.cve.org

cve-2024-40873

cross-site scripting

secure access admin.

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

EPSS

Percentile

14.0%

JSON

There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.07.
Attackers with system administrator permissions can interfere with another
system administrator’s use of the publishing UI when the administrators are
editing the same management object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Console",
    "product": "Secure Access",
    "vendor": "Absolute Security",
    "versions": [
      {
        "lessThan": "13.07",
        "status": "affected",
        "version": "0",
        "versionType": "server"
      }
    ]
  }
]

References

www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1307/cve-2024-40873/

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

EPSS

Percentile

14.0%

JSON

Related for CVELIST:CVE-2024-40873