{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T11:15:27.632","vulnerabilities":[{"cve":{"id":"CVE-2024-37344","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2024-06-20T17:15:51.153","lastModified":"2024-11-21T09:23:41.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a cross-site scripting vulnerability in the Policy\nmanagement UI of Absolute Secure Access prior to version 13.06. Attackers with\nsystem administrator permissions can interfere with another system\nadministrator’s use of the policy management UI when the administrators are\nediting the same policy object. The scope is unchanged, there is no loss of\nconfidentiality. Impact to system availability is none, impact to system\nintegrity is high."},{"lang":"es","value":"Existe una vulnerabilidad de Cross Site Scripting en la interfaz de usuario de administración de políticas de Absolute Secure Access antes de la versión 13.06. Los atacantes con permisos de administrador del sistema pueden interferir con el uso de la interfaz de usuario de administración de políticas por parte de otro administrador del sistema cuando los administradores están editando el mismo objeto de política. El alcance no cambia, no hay pérdida de confidencialidad. El impacto en la disponibilidad del sistema es nulo, el impacto en la integridad del sistema es alto."}],"metrics":{"cvssMetricV31":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":1.4}]},"weaknesses":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"13.06","matchCriteriaId":"1113DB3C-BD71-42ED-A4AF-0098AA744FD8"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37344/","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]},{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37344/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}