CVE-2024-53675
In short
HPE Insight Remote Support has a vulnerability that allows attackers to read sensitive files on the server by sending specially crafted XML requests. This happens because the software does not properly restrict external entity references when it processes XML input.
Technical detail
An XML external entity (XXE) injection vulnerability in HPE Insight Remote Support enables remote unauthenticated or low-privileged users to read arbitrary files from the server through malicious XML payloads. The vulnerability stems from insufficient input validation on XML processing, potentially allowing information disclosure of configuration files, credentials, or other sensitive data.
Summary generated and translated by AI from the official description.
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
Hewlett Packard Enterprise (HPE) · HPE Insight Remote Support