CVE-2024-37346 Vulnerability Details

  /     /     /  

CVE-2024-37346 Metadata Quick Info

CVE Published: 20/06/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: Absolute | Vendor: Absolute Software | Product: Secure Access
Status : PUBLISHED

---

CVE-2024-37346 Description

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.

Metrics

CVSS Version: 3.1 | Base Score: 4.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: Absolute Software

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).