- Description
- An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
- Source
- support@hackerone.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-611
- Hype score
- Not currently trending
Top 5 Trending Security Vulnerabilities to Watch Out For: CVE-2024-44175 CVE-2024-37397 CVE-2024-7591 CVE-2024-36401 #infosec
@UAFnUg
28 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-46938 2 - CVE-2024-37397 3 - CVE-2024-42477 4 - CVE-2024-11477 5 - CVE-2024-0012 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes