Absolute Secure Access
cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*
- >= 12.00, < 13.56
A deserialization vulnerability has been identified in the management console of Absolute Secure Access, affecting versions after 12.00 and prior to 13.56. It allows attackers with administrative access to the console to manipulate unsafe content, leading to execution of that content in the console's security context. The vulnerability arises from insufficient input validation; attack complexity is low and no user interaction is required. Impact on confidentiality is low, while impact on integrity is significant. Impact on the confidentiality and integrity of subsequent systems is minimal, with no effect on their availability.
Exploitation of this vulnerability allows for unauthorized deserialization and execution of content in the management console's security context, potentially leading to unauthorized actions or access within the application.