CVE-2024-53674

CVSS 7.3 HIGH | EPSS 47.4% | CWE-91

In short

HPE Insight Remote Support has a flaw where attackers can inject malicious XML code to read sensitive files or information from the system. This happens because the software doesn't properly validate XML input from remote users.

Technical detail

XML external entity (XXE) injection vulnerability in HPE Insight Remote Support allows remote, unauthenticated attackers to conduct information disclosure attacks by injecting crafted XML payloads. The vulnerability stems from improper validation of external entity references, enabling file disclosure or other data exfiltration in specific configurations.

Summary generated and translated by AI from the official description.
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
