CVE-2024-11622
published 2024-11-26CVE-2024-11622: An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.55%
71.9th percentile
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | hpe_insight_remote_support | < 7.14.0.629 | 7.14.0.629 |
| hpe | insight_remote_support | < 7.14.0.629 | 7.14.0.629 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-536h-wxcg-vp88: An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases
ghsa_unreviewed·2024-11-27
CVE-2024-11622 [HIGH] CWE-611 GHSA-536h-wxcg-vp88: An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
Ivanti
Ivanti Security Advisory: CVE-2025-11622
vendor_ivanti·2025-10-13·CVSS 7.8
CVE-2025-11622 [HIGH] CWE-502 Ivanti Security Advisory: CVE-2025-11622
Ivanti Security Advisory: CVE-2025-11622
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
CVE IDs: CVE-2025-11622
CVSS Base Score: 7.8
Severity: HIGH
CWEs: CWE-502
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-26
Published