Vulnerability Details CVE-2024-37350
There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure Access prior to version 13.06. Attackers can
interfere with a system administrator’s use of the policy management UI when
the attacker convinces the victim administrator to follow a crafted link to the
vulnerable component while the attacking administrator is authenticated to the
console. The scope is unchanged, there is no loss of confidentiality. Impact to
system integrity is high, impact to system availability is none.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.4%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-37350
-
cpe:2.3:a:absolute:secure_access:-
-
cpe:2.3:a:absolute:secure_access:12.50
-
cpe:2.3:a:absolute:secure_access:12.70
-
cpe:2.3:a:absolute:secure_access:13.04
-
cpe:2.3:a:absolute:secure_access:13.05