An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:* | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-09-21T00:00:00
Updated: 2024-09-24T16:59:33.767Z
Reserved: 2023-07-15T00:00:00
Link: CVE-2023-38343
Vulnrichment
Updated: 2024-08-02T17:39:12.818Z
NVD
Status : Analyzed
Published: 2023-09-21T21:15:09.747
Modified: 2023-09-25T17:09:47.507
Link: CVE-2023-38343
Redhat
No data.