CVE-2024-37343 Information

Description

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. The scope is unchanged there is no loss of confidentiality. Impact to system availability is none impact to system integrity is high.

Reference

https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37343/