An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager prior to 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ivanti endpoint manager 2022 |
||
ivanti endpoint manager |