216.73.217.22

CVE-2025-27704

· Published 19/03/2025 19:15 · Modified 19/03/2025 19:15

Labels: CVE-2025-27704 2025-03-19CVE-2025-27704CWE-79[email protected]

Essential information

Published
19/03/2025 19:15
Modified
19/03/2025 19:15
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
netmotionsoftware / absolute secure access cpe:2.3:a:netmotionsoftware:absolute_secure_access:*:*:*:*:*:*:*:*

References