CVE-2024-37346

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*

History

07 Aug 2024, 16:47

Type	Values Removed	Values Added
References	~~() https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/ -~~	() https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/ - Vendor Advisory
Summary		(es) Existe una vulnerabilidad de validación de entrada insuficiente en el componente Almacén de Absolute Secure Access antes de la versión 13.06. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de ciertos elementos de la interfaz de usuario administrativa de Secure Access al escribir datos no válidos en el almacén a través de la red. No hay pérdida de integridad o confidencialidad del almacén, el alcance de la seguridad no cambia. La pérdida de disponibilidad es alta.
CPE		cpe:2.3:a:absolute:secure_access::::::::
First Time		Absolute Absolute secure Access
CWE		NVD-CWE-noinfo

20 Jun 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-20 17:15

Updated : 2024-08-07 16:47

NVD link : CVE-2024-37346

Mitre link : CVE-2024-37346

CVE.ORG link : CVE-2024-37346

JSON object : View

Products Affected

absolute

secure_access

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2024-37346", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "SecurityResponse@netmotionsoftware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-06-20T17:15:51.623", "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37346/", "tags": ["Vendor Advisory"], "source": "SecurityResponse@netmotionsoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "SecurityResponse@netmotionsoftware.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "There is an insufficient input validation vulnerability in\nthe Warehouse component of Absolute Secure Access prior to 13.06. Attackers\nwith system administrator permissions can impair the availability of certain\nelements of the Secure Access administrative UI by writing invalid data to the\nwarehouse over the network. There is no loss of warehouse integrity or\nconfidentiality, the security scope is unchanged. Loss of availability is high."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada insuficiente en el componente Almac\u00e9n de Absolute Secure Access antes de la versi\u00f3n 13.06. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de ciertos elementos de la interfaz de usuario administrativa de Secure Access al escribir datos no v\u00e1lidos en el almac\u00e9n a trav\u00e9s de la red. No hay p\u00e9rdida de integridad o confidencialidad del almac\u00e9n, el alcance de la seguridad no cambia. La p\u00e9rdida de disponibilidad es alta."}], "lastModified": "2024-08-07T16:47:56.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1113DB3C-BD71-42ED-A4AF-0098AA744FD8", "versionEndExcluding": "13.06"}], "operator": "OR"}]}], "sourceIdentifier": "SecurityResponse@netmotionsoftware.com"}