CVE-2024-37343

Name of the Vulnerable Software and Affected Versions Absolute Secure Access versions prior to 13.06

Description There is a cross-site scripting issue in the Secure Access administrative console. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console, which is then temporarily stored. An administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. The scope is unchanged, with no loss of confidentiality, and no impact to system availability, but the impact to system integrity is high.

Recommendations For versions prior to 13.06, update to version 13.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative console to minimize the risk of exploitation. Additionally, administrators should avoid using non-default configurations that could increase the vulnerability to this issue.