CVE-2024-37350
CVSS V2 None
CVSS V3 None
Description
There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure Access prior to version 13.06. Attackers can
interfere with a system administrator’s use of the policy management UI when
the attacker convinces the victim administrator to follow a crafted link to the
vulnerable component while the attacking administrator is authenticated to the
console. The scope is unchanged, there is no loss of confidentiality. Impact to
system integrity is high, impact to system availability is none.
Overview
- CVE ID
- CVE-2024-37350
- Assigner
- Absolute
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-20T17:18:33.952Z
- Last Modified Date
- 2024-06-21T16:14:44.589Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37350/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-37350 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37350 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 01:22:30 | Added to TrackCVE |