{"vulnerability": "CVE-2024-4087", "sightings": [{"uuid": "e9cfe9ac-44a6-476f-aa6a-a67972719c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40875", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldrcmqimm322", "content": "", "creation_timestamp": "2024-12-20T21:15:31.039051Z"}, {"uuid": "c03ed9d8-7b0b-45d9-9c07-a49caefbaf95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40875", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113687004376620638", "content": "", "creation_timestamp": "2024-12-20T20:20:19.437012Z"}, {"uuid": "0d06a8d4-46a9-4da5-b5d5-f9924225ec02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40873", "type": "seen", "source": "https://t.me/cvedetector/1639", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40873 - \"Absolute Secure Access Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-40873 \nPublished : July 25, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : There is a cross-site scripting vulnerability in the Secure  \nAccess administrative console of Absolute Secure Access prior to version 13.07.  \nAttackers with system administrator permissions can interfere with another  \nsystem administrator\u2019s use of the publishing UI when the administrators are  \nediting the same management object. The scope is unchanged, there is no loss of  \nconfidentiality. Impact to system availability is none, impact to system  \nintegrity is high. \nSeverity: 4.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T21:05:53.000000Z"}, {"uuid": "a6d1b24e-426b-4eca-8b45-52a35bc421e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40872", "type": "seen", "source": "https://t.me/cvedetector/1636", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40872 - \"Absolute Secure Access Local Privilege Elevation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-40872 \nPublished : July 25, 2024, 5:15 p.m. | 56\u00a0minutes ago \nDescription : There is an elevation of privilege vulnerability in server  \nand client components of Absolute Secure Access prior to version 13.07.  \nAttackers with local access and valid desktop user credentials can elevate  \ntheir privilege to system level by passing invalid address data to the vulnerable  \ncomponent. This could be used to  \nmanipulate process tokens to elevate the privilege of a normal process to  \nSystem. The scope is changed, the impact to system confidentiality and  \nintegrity is high, the impact to the availability of the effected component is  \nnone. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T20:15:44.000000Z"}, {"uuid": "e2542851-ebf3-44e1-905a-75af81a4a439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40875", "type": "seen", "source": "https://t.me/cvedetector/13467", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40875 - Apache Absolute Secure Access Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-40875 \nPublished : Dec. 20, 2024, 9:15 p.m. | 42\u00a0minutes ago \nDescription : There is a cross-site scripting vulnerability in the  \nmanagement console of Absolute Secure Access prior to version 13.52. Attackers  \nwith system administrator permissions can interfere with another system  \nadministrator\u2019s use of the management console when the second administrator logs  \nin. Attack complexity is high, attack requirements are present, privileges  \nrequired are high, user interaction required is none. The impact to  \nconfidentiality is none, the impact to availability is low, and the impact to  \nsystem integrity is high. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T23:26:40.000000Z"}]}