{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:05:52.502","vulnerabilities":[{"cve":{"id":"CVE-2024-37347","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2024-06-20T17:15:51.853","lastModified":"2024-11-21T09:23:41.750","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a cross-site scripting vulnerability in the pool\nconfiguration component of the management UI of Absolute Secure Access prior to\n13.06. Attackers with system administrator permissions can pass a limited\nlength script to be run by another administrator. The scope is unchanged, there\nis no loss of confidentiality. Impact to system integrity is high, impact to\nsystem availability is none."},{"lang":"es","value":"Existe una vulnerabilidad de Cross Site Scripting en el componente de configuración del grupo de la interfaz de usuario de administración de Absolute Secure Access antes de la versión 13.06. Los atacantes con permisos de administrador del sistema pueden pasar un script de longitud limitada para que lo ejecute otro administrador. El alcance no cambia, no hay pérdida de confidencialidad. El impacto en la integridad del sistema es alto, el impacto en la disponibilidad del sistema es nulo."}],"metrics":{"cvssMetricV31":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":1.4}]},"weaknesses":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"13.06","matchCriteriaId":"1113DB3C-BD71-42ED-A4AF-0098AA744FD8"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37347/","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]},{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37347/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}