CVE-2024-37397

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions prior to 2022 SU6 Ivanti EPM versions prior to the 2024 September update

Description The issue is related to an External XML Entity (XXE) vulnerability in the provisioning web service, allowing a remote unauthenticated attacker to leak API secrets. This vulnerability is associated with incorrect restriction of XML links to external objects, which can be exploited by a remote attacker to access confidential information.

Recommendations For Ivanti EPM versions prior to 2022 SU6, update to version 2022 SU6 or later to resolve the issue. For Ivanti EPM versions prior to the 2024 September update, apply the 2024 September update to fix the vulnerability. As a temporary workaround, consider restricting access to the provisioning web service to minimize the risk of exploitation.