PT-2023-8279 · Ivanti · Ivanti Avalanche

Published: 2023-12-12 · Updated: 2024-09-17 · CVE-2023-46265

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche (affected versions not specified)

Description

The issue is related to an XML External Entity (XXE) vulnerability in the Smart Device Server, which could allow an unauthenticated attacker to leak data or perform a Server-Side Request Forgery (SSRF). This vulnerability is also associated with a buffer overflow in the decoding method of the mobile device management system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

BDU:2024-00359
CVE-2023-46265
ZDI-24-054

Affected Products

Ivanti Avalanche