There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same management object. This vulnerability is distinct from CVE-2024-37349 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
History

Wed, 07 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
CPEs cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
Vendors & Products Absolute
Absolute secure Access

cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published: 2024-06-20T17:05:04.866Z

Updated: 2024-08-02T03:50:56.211Z

Reserved: 2024-06-05T21:07:26.876Z

Link: CVE-2024-37348

cve-icon Vulnrichment

Updated: 2024-06-25T15:08:42.832Z

cve-icon NVD

Status : Modified

Published: 2024-06-20T17:15:52.080

Modified: 2024-11-21T09:23:41.883

Link: CVE-2024-37348

cve-icon Redhat

No data.