| An XML External Entity Injection vulnerability has been reported in Ivanti Avalanche due to insufficient validation of user input sent to the SmartDeviceServer. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious XML in an HTTP request to the target server. Successful exploitation could result in the disclosure of information in the context of SYSTEM. |
