QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-40875

Back to search

CVE-2024-40875

Published: Dec 20, 2024

Modified: Dec 24, 2024

PUBLISHED

Description

There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high.

VendorProductVersions

Absolute Software

Secure Access

affected
0 - < 13.52

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now