CVE-2024-37345

Name of the Vulnerable Software and Affected Versions Absolute Secure Access versions prior to 13.06

Description There is a cross-site scripting issue in the Secure Access administrative UI. Attackers can pass a limited-length script to the administrative UI, which is then stored where an administrator can access it. The scope is unchanged, with no loss of confidentiality. The impact on system availability is none, but the impact on system integrity is high.

Recommendations For versions prior to 13.06, update to version 13.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative UI to minimize the risk of exploitation.