First published: Thu Sep 21 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ivanti Endpoint Manager | <2022 | |
Ivanti Endpoint Manager | =2022 | |
Ivanti Endpoint Manager | =2022-su1 | |
Ivanti Endpoint Manager | =2022-su2 | |
Ivanti Endpoint Manager | =2022-su3 | |
CVE-2023-38343 is an XXE (XML external entity injection) vulnerability in Ivanti Endpoint Manager before 2022 SU4.
The severity of CVE-2023-38343 is high with a CVSS score of 7.5.
Exploitation of CVE-2023-38343 in Ivanti Endpoint Manager can lead to file disclosure or Server Side Request Forgery.
All versions of Ivanti Endpoint Manager before 2022 SU4 are affected by CVE-2023-38343.
To fix CVE-2023-38343, update Ivanti Endpoint Manager to 2022 SU4 or a later version.