CVE-2023-38343
Summary
| CVE | CVE-2023-38343 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-21 21:15:00 UTC |
| Updated | 2023-09-25 17:09:00 UTC |
| Description | An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ivanti | Endpoint Manager | All | All | All | All |
| Application | Ivanti | Endpoint Manager | 2022 | - | All | All |
| Application | Ivanti | Endpoint Manager | 2022 | su1 | All | All |
| Application | Ivanti | Endpoint Manager | 2022 | su2 | All | All |
| Application | Ivanti | Endpoint Manager | 2022 | su3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-38343 - XXE · GitHub | MISC | gist.github.com | |
| Product Releases & Updates \| Ivanti | MISC | www.ivanti.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.