CVE-2026-0519
BaseFortify
Publication date: 2026-01-17
Last updated on: 2026-02-02
Assigner: NetMotion Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| absolute_software | secure_access | to 14.20 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Absolute Software's Secure Access versions 12.70 and earlier up to but not including 14.20. The logging subsystem may write unredacted authentication tokens to log files under certain configurations. This means that sensitive authentication tokens can be exposed in logs, allowing anyone with access to those logs to read and potentially reuse the tokens to gain unauthorized access to integrated systems. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to unauthorized access to integrated systems by exposing authentication tokens in logs. Any party with access to these logs could read the tokens and reuse them, potentially compromising system confidentiality and integrity. However, exploitation requires local access and high privileges, and the impact on availability and authentication is minimal. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you should inspect the log files of Secure Access versions 12.70 and earlier up to but not including 14.20 for unredacted authentication tokens. Since the vulnerability involves tokens being written to logs under certain configurations, searching log files for patterns resembling authentication tokens can help identify exposure. Specific commands depend on your system, but for example, on a Unix-like system, you might use commands like 'grep' to search logs for token patterns, e.g., 'grep -r "token" /path/to/secure_access/logs'. Additionally, reviewing configuration files to check logging settings that might cause token leakage is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to log files to authorized personnel only to prevent unauthorized reading of authentication tokens. Additionally, review and update the Secure Access software to version 14.20 or later where this vulnerability is fixed. If updating is not immediately possible, adjust logging configurations to avoid logging sensitive authentication tokens. Monitoring and auditing access to logs can also help detect any misuse. [1]