Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38343

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.

Published

2023-09-21T21:15:09.747

Last Modified

2024-11-21T08:13:22.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	endpoint_manager	< 2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes

References

https://gist.github.com/bhyahoo/4772330b20057a271f77e690bc70f928 Third Party Advisory ([email protected])
https://www.ivanti.com/releases Release Notes ([email protected])
https://gist.github.com/bhyahoo/4772330b20057a271f77e690bc70f928 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ivanti.com/releases Release Notes (af854a3a-2127-422b-91ae-364da2661108)