Secure Access 13.08

Important: Medium Severity Vulnerability Addressed in Secure Access 13.08 Server

The management interface of Secure Access prior to version 13.08 had a vulnerability that could allow attackers with administrative access to the Secure Access Management console to control other logged-on administrators' sessions.

The CVSS v4.0 score for this vulnerability is 6.8, Medium.

In accordance with our disclosure policy, descriptions of each vulnerability will not be released for at least 90 days to allow customers time to patch their systems.

For v13.x customers: The attacks can be mitigated by installing the update and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 13.08 as soon as possible.

For more information, contact [email protected] or [email protected]