admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 02:31:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-383xx/CVE-2023-38344.json

24 lines
964 B
JSON
Raw Normal View History

Auto-Update: 2023-09-21T22:00:24.060387+00:00
2023-09-21 22:00:27 +00:00
{
"id": "CVE-2023-38344",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T21:15:10.877",
Auto-Update: 2023-09-22T02:00:24.866060+00:00
2023-09-22 02:00:28 +00:00
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2023-09-21T22:00:24.060387+00:00
2023-09-21 22:00:27 +00:00
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/bhyahoo/76533e91840200a1d9f3fb1eb87eb0f1",
"source": "cve@mitre.org"
},
{
"url": "https://www.ivanti.com/releases",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue Copy Permalink