CVE-2024-37346

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

here is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.

References

Link	Resource
https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/	Vendor Advisory
https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:23

Type	Values Removed	Values Added
References	~~() https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/ - Vendor Advisory~~	() https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/ - Vendor Advisory

07 Aug 2024, 16:47

Type	Values Removed	Values Added
References	~~() https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/ -~~	() https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/ - Vendor Advisory
Summary		(es) Existe una vulnerabilidad de validación de entrada insuficiente en el componente Almacén de Absolute Secure Access antes de la versión 13.06. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de ciertos elementos de la interfaz de usuario administrativa de Secure Access al escribir datos no válidos en el almacén a través de la red. No hay pérdida de integridad o confidencialidad del almacén, el alcance de la seguridad no cambia. La pérdida de disponibilidad es alta.
CPE		cpe:2.3:a:absolute:secure_access::::::::
CWE		NVD-CWE-noinfo
First Time		Absolute Absolute secure Access

20 Jun 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-20 17:15

Updated : 2024-11-21 09:23

NVD link : CVE-2024-37346

Mitre link : CVE-2024-37346

CVE.ORG link : CVE-2024-37346

JSON object : View

Products Affected

absolute

secure_access

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

4.9 /10