HPE Insight Remote Support Exposes XML External Entity Injection Vulnerability
CVE-2024-11622
Summary
An XML external entity injection (XXE) vulnerability exists in the HPE Insight Remote Support software and can be exploited by remote users to gain unauthorized access to sensitive information. The vulnerability arises when the application processes XML input without adequate validation, which lets attackers supply maliciously crafted XML data. By exploiting this weakness, attackers may target system configurations or sensitive data stored on the server, leading to potential information disclosure. Security best practices recommend immediate evaluation and patching of the affected software versions to mitigate the risks associated with this vulnerability.
Affected Version(s)
HPE Insight Remote Support: versions from 0 up to (but not including) 7.14.0.629