CVE-2024-40875 MEDIUM

CVE-2024-40875: Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.52

Vendor Absolute Software
Product Secure Access
Weakness CWE-79 · XSS
Published December 20, 2024
Last update December 24, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high.

Key dates

02 Disclosure timeline

December 20, 2024 CVE published
December 24, 2024 Record updated