{
"id": "CVE-2024-40875",
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"published": "2024-12-20T21:15:08.290",
"lastModified": "2024-12-20T21:15:08.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a cross-site scripting vulnerability in the\nmanagement console of Absolute Secure Access prior to version 13.52. Attackers\nwith system administrator permissions can interfere with another system\nadministrator\u2019s use of the management console when the second administrator logs\nin. Attack complexity is high, attack requirements are present, privileges\nrequired are high, user interaction required is none. The impact to\nconfidentiality is none, the impact to availability is low, and the impact to\nsystem integrity is high."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross site scripting en management console de Absolute Secure Access anterior a la versi\u00f3n 13.52. Los atacantes con permisos de administrador del sistema pueden interferir con el uso de la consola de administraci\u00f3n por parte de otro administrador del sistema cuando el segundo administrador inicia sesi\u00f3n. La complejidad del ataque es alta, existen requisitos de ataque, se requieren muchos privilegios y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad es nulo, el impacto en la disponibilidad es bajo y el impacto en la integridad del sistema es alto."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1352/",
"source": "SecurityResponse@netmotionsoftware.com"
}
]
}