Secure Access 13.06

Last updated: Feb 26, 2024

Secure Access 13.06

Important: Secure Access 13.06 Server Security Update
The management interface of Secure Access prior to version 13.06 has multiple vulnerabilities that could allow attackers with administrative access to control other logged-on administrators' sessions provided the attacker had knowledge of (or access to) the Secure Access management interface. Attackers with access to the Secure Access administrative console could also corrupt the Secure Access warehouse database.

The highest CVSS v3.1 score for these vulnerabilities is 6.5, Medium.

Taken together, the vulnerabilities fixed in this release are serious and should be patched as soon as possible.

In accordance with our disclosure policy, descriptions of vulnerabilities will not be released for at least 90 days to allow customers reasonable time to patch their systems.

For v13.x customers: The attacks can be mitigated by installing the update and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned for previous version of Secure Access. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 13.06 as soon as possible.

For more information, contact securityresponse@absolute.com or nm-support@absolute.com