An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
References
Link | Resource |
---|---|
https://gist.github.com/bhyahoo/4772330b20057a271f77e690bc70f928 | Third Party Advisory |
https://www.ivanti.com/releases | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-09-21T00:00:00
Updated: 2023-09-21T20:57:44.212704
Reserved: 2023-07-15T00:00:00
Link: CVE-2023-38343
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-21T21:15:09.747
Modified: 2023-09-25T17:09:47.507
Link: CVE-2023-38343
JSON object: View
Redhat Information
No data.
CWE