CVE-2024-37350

Name of the Vulnerable Software and Affected Versions Absolute Secure Access versions prior to 13.06

Description There is a cross-site scripting issue in the policy management UI. Attackers can interfere with a system administrator's use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the vulnerable component while the attacking administrator is authenticated to the console. The scope is unchanged, with no loss of confidentiality, but the impact to system integrity is high, and there is no impact to system availability.

Recommendations For versions prior to 13.06, upgrade to version 13.06 to mitigate the cross-site scripting vulnerability in the policy management UI. As a temporary workaround, consider restricting access to the policy management UI to minimize the risk of exploitation.