{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T00:42:00.252","vulnerabilities":[{"cve":{"id":"CVE-2024-37350","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2024-06-20T18:15:12.103","lastModified":"2024-11-21T09:23:42.137","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a cross-site scripting vulnerability in the policy\nmanagement UI of Absolute Secure Access prior to version 13.06. Attackers can\ninterfere with a system administrator’s use of the policy management UI when\nthe attacker convinces the victim administrator to follow a crafted link to the\nvulnerable component while the attacking administrator is authenticated to the\nconsole. The scope is unchanged, there is no loss of confidentiality. Impact to\nsystem integrity is high, impact to system availability is none."},{"lang":"es","value":"Existe una vulnerabilidad de Cross Site Scripting en la interfaz de usuario de administración de políticas de Absolute Secure Access antes de la versión 13.06. Los atacantes pueden interferir con el uso de la interfaz de usuario de administración de políticas por parte de un administrador del sistema cuando el atacante convence al administrador de la víctima de seguir un enlace manipulado al componente vulnerable mientras el administrador atacante está autenticado en la consola. El alcance no cambia, no hay pérdida de confidencialidad. El impacto en la integridad del sistema es alto, el impacto en la disponibilidad del sistema es nulo."}],"metrics":{"cvssMetricV31":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"13.06","matchCriteriaId":"1113DB3C-BD71-42ED-A4AF-0098AA744FD8"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37350/","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]},{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37350/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}