{"vulnerability": "CVE-2023-38344", "sightings": [{"uuid": "4a7db164-10ce-48d3-9562-204b1fd28f83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38344", "type": "seen", "source": "https://t.me/cibsecurity/70929", "content": "\u203c CVE-2023-38344 \u203c\n\nAn issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-22T04:38:19.000000Z"}]}