PT-2023-23878 · Ivanti · Ivanti Avalanche
Published
2023-08-10
·
Updated
2023-11-03
·
CVE-2023-32567
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti Avalanche versions prior to 6.4.1.236
Description
The issue concerns XML External Entity Processing in the decodeToMap function of Ivanti Avalanche, which can lead to information disclosure.
Recommendations
For versions prior to 6.4.1.236, update to version 6.4.1.236 to resolve the issue.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Avalanche