Ivanti: >> Xtraction >> 2023.3 Security Vulnerabilities
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
CVSS Score
9.6
EPSS Score
0.001
Published
2026-05-12