CVE-2024-53674: XEE
First published: Tue Nov 26 2024(Updated: )
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hewlett Packard Enterprise Insight Remote Support | <7.14.0.629 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-53674?
CVE-2024-53674 has been classified with a medium severity level due to its potential for information disclosure.
How do I fix CVE-2024-53674?
To mitigate CVE-2024-53674, upgrade HPE Insight Remote Support to version 7.14.0.629 or later.
What types of systems are affected by CVE-2024-53674?
CVE-2024-53674 affects HPE Insight Remote Support versions prior to 7.14.0.629.
What is an XML external entity injection (XXE) vulnerability?
An XML external entity injection (XXE) vulnerability allows attackers to exploit the XML parser to read files or send requests to internal systems.
Can CVE-2024-53674 be exploited remotely?
Yes, CVE-2024-53674 can be exploited by remote users to disclose sensitive information under certain conditions.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hpe
- canonical/hewlett packard enterprise insight remote support