High severity8.2NVD Advisory· Published Sep 12, 2024· Updated Jun 17, 2026
CVE-2024-37397
CVE-2024-37397
Description
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.