HPE Insight Remote Support XML External Entity Injection Vulnerability
CVE-2024-53674

7.5HIGH

Key Information:

Vendor: HP
Status: HP Insight Remote Support
Vendor: CVE Published:; 26 November 2024

Summary

An XML external entity injection (XXE) vulnerability exists in HPE Insight Remote Support, potentially allowing remote users to exploit this weakness and disclose sensitive information under specific circumstances. This flaw emphasizes the importance of secure XML parsing configurations and highlights the risks associated with improperly validated XML input. Organizations using HPE Insight Remote Support should assess their environment for potential exposure and apply relevant security patches or mitigations as necessary.

Affected Version(s)

HPE Insight Remote Support 0 < 7.14.0.629

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024