CVE-2024-37397

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-611
View all →

Vulnerability Description

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

Related Vulnerabilities

CVE-2017-1192

HIGH
CVSS:8.2(High)

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive i...

CWE-6112017

CVE-2017-12069

HIGH
CVSS:8.2(High)

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 ...

CWE-6112017

CVE-2017-1289

HIGH
CVSS:8.2(High)

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informa...

CWE-6112017

CVE-2017-1322

HIGH
CVSS:8.2(High)

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informati...

CWE-6112017

CVE-2017-5992

HIGH
CVSS:8.2(High)

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

CWE-6112017

CVE-2018-12585

HIGH
CVSS:8.2(High)

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

CWE-6112018