CVE-2024-40873 Vulnerability Details

  /     /     /  

CVE-2024-40873 Metadata Quick Info

CVE Published: 25/07/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: Absolute | Vendor: Absolute Security | Product: Secure Access
Status : PUBLISHED

CVE-2024-40873 Description

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.

Metrics

CVSS Version: 3.1 | Base Score: 4.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or Cross-site Scripting )
Source: Absolute Security

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).