There is an insufficient input validation vulnerability in\nthe Warehouse component of Absolute Secure Access prior to 13.06. Attackers\nwith system administrator permissions can impair the availability of certain\nelements of the Secure Access administrative UI by writing invalid data to the\nwarehouse over the network. There is no loss of warehouse integrity or\nconfidentiality, the security scope is unchanged. Loss of availability is high.\n
\n\n\n\n\n\n"}],"value":"There is an insufficient input validation vulnerability in\nthe Warehouse component of Absolute Secure Access prior to 13.06. Attackers\nwith system administrator permissions can impair the availability of certain\nelements of the Secure Access administrative UI by writing invalid data to the\nwarehouse over the network. There is no loss of warehouse integrity or\nconfidentiality, the security scope is unchanged. Loss of availability is high."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b6533044-ea05-4482-8458-7bddeca0d079","shortName":"Absolute","dateUpdated":"2024-06-20T16:51:37.265Z"},"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to Absolute Secure Access v13.06 or later.