CVE-2024-11622

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 26, 2024
Updated: Dec 12, 2024
CWE ID 611
CWE ID 91

Summary

CVE-2024-11622 represents a critical vulnerability in HPE Insight Remote Support. This issue involves an XML external entity injection (XXE) weakness, which could enable remote users to disclose sensitive information under certain conditions. XML entities are used to define and interpret data within XML documents, and an injection attack can manipulate these entities to access unintended data or execute malicious code. In the context of HPE Insight Remote Support, an attacker might exploit this vulnerability to gain unauthorized access to confidential information, potentially leading to significant security risks. It is essential that users apply the necessary patches or updates to mitigate this vulnerability and safeguard their systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share