CVE-2024-37343
CVSS V2 None
CVSS V3 None
Description
There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.06.
Attackers with valid tunnel credentials can pass a limited-length script to the
administrative console which is then temporarily stored where an administrator
using a non-default configuration could click on it while the attacker has a
valid tunnel session with the server. The scope is unchanged, there is no loss
of confidentiality. Impact to system availability is none, impact to system
integrity is high.
Overview
- CVE ID
- CVE-2024-37343
- Assigner
- Absolute
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-20T16:30:21.053Z
- Last Modified Date
- 2024-06-20T20:46:12.606Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37343/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-37343 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37343 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 01:18:00 | Added to TrackCVE |