VYPR
High severity8.2NVD Advisory· Published Sep 12, 2024· Updated Jun 17, 2026

CVE-2024-37397

CVE-2024-37397

Description

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

Affected products

2
  • Ivanti/EPMllm-fuzzy2 versions
    <2022 SU6 or 2024 September update+ 1 more
    • (no CPE)range: <2022 SU6 or 2024 September update
    • (no CPE)range: 2024 September Security Update

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.