CVE-2024-37397

An External XML Entity XXE vulnerability in the provisioning web

Publication date: 2024-09-12

Last updated on: 2024-09-13

Description

An External XML Entity XXE vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

CVSS Scores

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Resource

Exploitability

CWE ID	Description
UNKNOWN

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

Meta Information

Date published:

2024-09-12

Date last modified:

2024-09-13

Date generated:

2025-01-15

NVD report:

CVE-2024-37397