4.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
9.0%
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with other system
administrator’s use of the management UI when the second administrator later
edits the same management object. This vulnerability is distinct from CVE-2024-37348 and
CVE-2024-37349. The scope is unchanged, there is no loss of confidentiality. Impact
to system integrity is high, impact to system availability is none.