CVE-2025-27705

CVE-2025-27705

Título es
CVE-2025-27705

Mié, 19/03/2025 – 20:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27705

Descripción en
There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.53.
Attackers with system administrator permissions can interfere with another
system administrator’s use of the management console when the second
administrator logs in. Attack complexity is high, attack requirements are
present, privileges required are none, user interaction is required. The impact
to confidentiality is low, the impact to availability is none, and the impact
to system integrity is none.

19/03/2025

19/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0
5.50

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

Enviar en el boletín
Off