CVE-2024-37346
Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.9EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
20 jun 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
There is an insufficient input validation vulnerability in
the Warehouse component of Absolute Secure Access prior to 13.06. Attackers
with system administrator permissions can impair the availability of certain
elements of the Secure Access administrative UI by writing invalid data to the
warehouse over the network. There is no loss of warehouse integrity or
confidentiality, the security scope is unchanged. Loss of availability is high.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Absolute Software · Secure Access