{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:32:19.535","vulnerabilities":[{"cve":{"id":"CVE-2024-37343","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2024-06-20T17:15:50.910","lastModified":"2024-11-21T09:23:41.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a cross-site scripting vulnerability in the Secure\nAccess administrative console of Absolute Secure Access prior to version 13.06.\nAttackers with valid tunnel credentials can pass a limited-length script to the\nadministrative console which is then temporarily stored where an administrator\nusing a non-default configuration could click on it while the attacker has a\nvalid tunnel session with the server. The scope is unchanged, there is no loss\nof confidentiality. Impact to system availability is none, impact to system\nintegrity is high."},{"lang":"es","value":"Existe una vulnerabilidad de Cross Site Scripting en la consola administrativa de Secure Access de Absolute Secure Access anterior a la versión 13.06. Los atacantes con credenciales de túnel válidas pueden pasar un script de longitud limitada a la consola administrativa que luego se almacena temporalmente donde un administrador que utilice una configuración no predeterminada podría hacer clic en él mientras el atacante tiene una sesión de túnel válida con el servidor. El alcance no cambia, no hay pérdida de confidencialidad. El impacto en la disponibilidad del sistema es nulo, el impacto en la integridad del sistema es alto."}],"metrics":{"cvssMetricV31":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"13.06","matchCriteriaId":"1113DB3C-BD71-42ED-A4AF-0098AA744FD8"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37343/","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]},{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37343/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}