Secure Access
by Absolute
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54089 | | | 0.00 | — | 0.00 | | Oct 2, 2025 | CVE-2025-54089 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack… |
| CVE-2025-54088 | | | 0.00 | — | 0.00 | | Oct 2, 2025 | CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must… |
| CVE-2025-54087 | | | 0.00 | — | 0.00 | | Oct 2, 2025 | CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack… |
| CVE-2025-54086 | | | 0.00 | — | 0.00 | | Oct 2, 2025 | CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the… |
| CVE-2025-49082 | | | 0.00 | — | 0.00 | | Jul 30, 2025 | CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other… |
| CVE-2025-54085 | | | 0.00 | — | 0.00 | | Jul 30, 2025 | CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change… |
| CVE-2025-49084 | | | 0.00 | — | 0.00 | | Jul 30, 2025 | CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present,… |
| CVE-2025-49083 | | | 0.00 | — | 0.00 | | Jul 30, 2025 | CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsafe content to be deserialized and executed in the security context of the… |
| CVE-2025-49081 | | | 0.00 | — | 0.00 | | Jun 12, 2025 | There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data… |
| CVE-2025-49080 | | | 0.00 | — | 0.00 | | Jun 12, 2025 | There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are… |
| CVE-2025-27706 | | | 0.00 | — | 0.00 | | May 28, 2025 | CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second… |
| CVE-2025-27703 | | | 0.00 | — | 0.00 | | May 28, 2025 | CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access… |
| CVE-2025-27702 | | | 0.00 | — | 0.00 | | May 28, 2025 | CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify… |
| CVE-2024-40873 | | | 0.00 | — | 0.00 | | Jul 25, 2024 | There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the… |
| CVE-2024-37352 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator… |
| CVE-2024-37351 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later… |
| CVE-2024-37350 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a… |
| CVE-2024-37349 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the… |
| CVE-2024-37348 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later… |
| CVE-2024-37347 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is… |