ghsa-c8q9-3mqw-64x8
Vulnerability from github
Published
2024-06-20 18:34
Modified
2024-09-09 15:30
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Details

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management object. This vulnerability is distinct from CVE-2024-37348 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-37349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T18:15:11Z",
    "severity": "MODERATE"
  },
  "details": "There is a cross-site scripting vulnerability in the\nmanagement UI of Absolute Secure Access prior to version 13.06. Attackers with\nsystem administrator permissions can interfere with other system\nadministrator\u2019s use of the management UI when the victim administrator edits\nthe same management object. This vulnerability is distinct from CVE-2024-37348 and\nCVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact\nto system integrity is high, impact to system availability is none.",
  "id": "GHSA-c8q9-3mqw-64x8",
  "modified": "2024-09-09T15:30:37Z",
  "published": "2024-06-20T18:34:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37349"
    },
    {
      "type": "WEB",
      "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37349"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.