13.05

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-28	CVE-2025-27702	Unspecified vulnerability in Absolute Secure Access CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. network low complexity absolute	4.9
2025-05-28	CVE-2025-27703	Unspecified vulnerability in Absolute Secure Access CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. network low complexity absolute	6.0
2025-05-28	CVE-2025-27706	Unspecified vulnerability in Absolute Secure Access CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. network low complexity absolute	3.4
2024-07-25	CVE-2024-40873	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. network low complexity absolute CWE-79	3.4
2024-06-20	CVE-2024-37349	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. network low complexity absolute CWE-79	3.4
2024-06-20	CVE-2024-37350	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. network low complexity absolute CWE-79	4.7
2024-06-20	CVE-2024-37351	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. network low complexity absolute CWE-79	3.4
2024-06-20	CVE-2024-37352	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the vulnerable page. network low complexity absolute CWE-79	3.4
2024-06-20	CVE-2024-37343	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. network low complexity absolute CWE-79	5.4
2024-06-20	CVE-2024-37344	Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. network low complexity absolute CWE-79	3.4