Lucene search

[email protected]NVD:CVE-2024-37350

HistoryJun 20, 2024 - 6:15 p.m.

CVE-2024-37350

2024-06-2018:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

absolute secure access

version 13.06

policy management

administrator

crafted link

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure Access prior to version 13.06. Attackers can
interfere with a system administrator’s use of the policy management UI when
the attacker convinces the victim administrator to follow a crafted link to the
vulnerable component while the attacking administrator is authenticated to the
console. The scope is unchanged, there is no loss of confidentiality. Impact to
system integrity is high, impact to system availability is none.

References

www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37350/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-37350

cvelist1 cve1 vulnrichment1