{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T17:46:20.236","vulnerabilities":[{"cve":{"id":"CVE-2024-37346","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2024-06-20T17:15:51.623","lastModified":"2026-06-17T07:38:11.483","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is an insufficient input validation vulnerability in\nthe Warehouse component of Absolute Secure Access prior to 13.06. Attackers\nwith system administrator permissions can impair the availability of certain\nelements of the Secure Access administrative UI by writing invalid data to the\nwarehouse over the network. There is no loss of warehouse integrity or\nconfidentiality, the security scope is unchanged. Loss of availability is high."},{"lang":"es","value":"Existe una vulnerabilidad de validación de entrada insuficiente en el componente Almacén de Absolute Secure Access antes de la versión 13.06. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de ciertos elementos de la interfaz de usuario administrativa de Secure Access al escribir datos no válidos en el almacén a través de la red. No hay pérdida de integridad o confidencialidad del almacén, el alcance de la seguridad no cambia. La pérdida de disponibilidad es alta."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Software","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"13.06","versionType":"Server","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-25T15:24:52.742650Z","id":"CVE-2024-37346","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"13.06","matchCriteriaId":"1113DB3C-BD71-42ED-A4AF-0098AA744FD8"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]},{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}