CVE-2024-40875
Dec. 20, 2024, 9:15 p.m.
Tags
Product(s) Impacted
Absolute Secure Access
- before 13.52
Description
There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high.
Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE ID: 79Date
Published: Dec. 20, 2024, 9:15 p.m.
Last Modified: Dec. 20, 2024, 9:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
SecurityResponse@netmotionsoftware.com