CVE-2024-37343 – There is a cross-site scripting vulnerability in t

CVE ID : CVE-2024-37343

Published : June 20, 2024, 5:15 p.m. | 1 hour, 4 minutes ago

Description : There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.06.
Attackers with valid tunnel credentials can pass a limited-length script to the
administrative console which is then temporarily stored where an administrator
using a non-default configuration could click on it while the attacker has a
valid tunnel session with the server. The scope is unchanged, there is no loss
of confidentiality. Impact to system availability is none, impact to system
integrity is high.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-37343

Published : June 20, 2024, 5:15 p.m. | 1 hour, 4 minutes ago

Description : There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.06.
Attackers with valid tunnel credentials can pass a limited-length script to the
administrative console which is then temporarily stored where an administrator
using a non-default configuration could click on it while the attacker has a
valid tunnel session with the server. The scope is unchanged, there is no loss
of confidentiality. Impact to system availability is none, impact to system
integrity is high.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…