Posts tagged: XXE

This blog provides an in-depth analysis of the exploitation process for an unauthenticated External XML Entity (XXE) vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.

In this post, we’ll delve into two vulnerabilities recently discovered in the HPE Insight Remote Support (IRS) application, versions prior to v7.14.0.629. These vulnerabilities—CVE-2024-53675 (unauthenticated XXE vulnerability) and CVE-2024-53676 (Remote Code Execution, or RCE vulnerability)—pose significant security risks, allowing unauthorized access and arbitrary code execution on vulnerable systems.