Primary

Context

Absolute Secure Access Server-Side Request Forgery Vulnerability

Vulnerability

Patched

A server-side request forgery vulnerability has been identified in Absolute Secure Access versions prior to 14.10. This vulnerability allows attackers with administrative privileges to send a crafted test HTTP request from the Secure Access server. The exploitation of this vulnerability requires user interaction and has a high attack complexity. While there is no direct impact on confidentiality, integrity, or availability, there is a low severity subsequent system impact on integrity.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the Secure Access server, potentially allowing for manipulation of server-side resources or data.

Added: Oct 2, 2025, 8:19 PM

Updated: Oct 2, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

2.8

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

2.8

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Absolute Secure Access Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

Absolute Secure Access

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating