Security Advisory

CVE-2023-38343

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-21 00:00:00
Last updated 2024-09-24 16:59:33
Assigner mitre
State PUBLISHED

Description

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.