CVE-2024-37397

Publication date

2024-09-12 01:09:56

Family

hackerone

State

PUBLISHED

Description

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.