Unrated severityNVD Advisory· Published Sep 21, 2023· Updated Sep 24, 2024
CVE-2023-38343
CVE-2023-38343
Description
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2022 SU4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.