Cross-Site Scripting Vulnerability in Absolute Secure Access Management Console
CVE-2024-40875
Currently unrated
What is CVE-2024-40875?
CVE-2024-40875 pertains to a critical cross-site scripting (XSS) vulnerability found in the management console of Absolute Secure Access, specifically impacting versions before 13.52. This vulnerability allows attackers with system administrator permissions to manipulate the management console experience of another administrator during their login session. While the attack complexity is marked as high and requires specific privileges, it poses serious implications for system integrity, highlighting the need for immediate attention and remediation. The potential impact includes unauthorized access and control over administrative functions, stressing the importance of ensuring all administrators are operating on the latest secure version.