Secure Access 13.53

Important: Medium Severity Vulnerabilities Addressed in Secure Access 13.53 Server

There are two cross-site scripting vulnerabilities in the management console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in.

The CVSS v4.0 score for both vulnerabilities is 5.5, Medium.

Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.

The CVSS v4.0 score for both vulnerabilities is 5.5, Medium: https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H
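For triage, the vector in the calculator link above can be decoded mechanically, including the subsequent-system metrics (SC/SI/SA) it carries. The Python below is an added example, not Absolute's code; the function names are assumptions, and it accepts base metrics only.

```python
from urllib.parse import urlparse

IMPACT = {"H": "High", "L": "Low", "N": "None"}
# CVSS v4.0 base metrics in the order the specification requires.
BASE_METRICS = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "AT": ("Attack Requirements", {"N": "None", "P": "Present"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "P": "Passive", "A": "Active"}),
    "VC": ("Vulnerable System Confidentiality", IMPACT),
    "VI": ("Vulnerable System Integrity", IMPACT),
    "VA": ("Vulnerable System Availability", IMPACT),
    "SC": ("Subsequent System Confidentiality", IMPACT),
    "SI": ("Subsequent System Integrity", IMPACT),
    "SA": ("Subsequent System Availability", IMPACT),
}
# Vector link copied from the advisory text.
ADVISORY_URL = ("https://www.first.org/cvss/calculator/4.0"
                "#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H")

def vector_from_url(url):
    """The FIRST calculator carries the vector in the URL fragment."""
    return urlparse(url).fragment

def parse_vector(vector):
    """Validate a base-only CVSS v4.0 vector and return {metric name: value}."""
    prefix, *fields = vector.split("/")
    if prefix != "CVSS:4.0":
        raise ValueError("not a CVSS v4.0 vector")
    pairs = [f.partition(":")[::2] for f in fields]  # (key, value) per field
    if [k for k, _ in pairs] != list(BASE_METRICS):
        raise ValueError("base metrics missing, repeated or out of order")
    decoded = {}
    for key, value in pairs:
        name, allowed = BASE_METRICS[key]
        if value not in allowed:
            raise ValueError(f"invalid value {value!r} for {key}")
        decoded[name] = allowed[value]
    return decoded

def subsequent_exceeds_vulnerable(decoded):
    """List C/I/A properties rated higher for subsequent systems than for the vulnerable one."""
    rank = {"None": 0, "Low": 1, "High": 2}
    return [p for p in ("Confidentiality", "Integrity", "Availability")
            if rank[decoded[f"Subsequent System {p}"]] > rank[decoded[f"Vulnerable System {p}"]]]

if __name__ == "__main__":
    decoded = parse_vector(vector_from_url(ADVISORY_URL))
    for name, value in decoded.items():
        print(f"{name}: {value}")
    print("Higher on subsequent systems:", subsequent_exceeds_vulnerable(decoded))
```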

For v13.x customers: The attacks can be mitigated by installing the update from our download portal and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 13.53. Secure Access SaaS customers will be updated automatically during an upcoming maintenance window.

For more information, contact [email protected] or [email protected]
