Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ivanti Endpoint Manager 代码问题漏洞
Vulnerability Description
Ivanti Endpoint Manager(EPM)是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager 2022 SU4 之前版本存在安全漏洞,该漏洞源于CSEP 组件中存在XML 外部实体注入,在 XML 解析器配置中启用外部实体引用,攻击者利用此漏洞可能会导致文件泄露或服务器端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A