Description
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
Scores
CVSS v3
7.3
EPSS
0.2335
EPSS Percentile
96.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-611
CWE-91
Status
published
Products (1)
hpe/insight_remote_support
< 7.14.0.629
Published
Nov 26, 2024
Tracked Since
Feb 18, 2026