CVE-2023-38343
Published: 2023-09-21
Priority P3 · 45 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.45% (70.0th percentile)
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | — | — |
Ivanti
Ivanti Security Advisory: CVE-2023-38343
vendor_ivanti·2023-09-21·CVSS 7.5
CVE IDs: CVE-2023-38343
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-611
GHSA
GHSA-rfx9-vc4c-6rwm: An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4
ghsa_unreviewed·2023-09-21
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.