An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
History

Tue, 24 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-21T00:00:00

Updated: 2024-09-24T16:59:33.767Z

Reserved: 2023-07-15T00:00:00

Link: CVE-2023-38343

cve-icon Vulnrichment

Updated: 2024-08-02T17:39:12.818Z

cve-icon NVD

Status : Analyzed

Published: 2023-09-21T21:15:09.747

Modified: 2023-09-25T17:09:47.507

Link: CVE-2023-38343

cve-icon Redhat

No data.