CVE-2023-46808

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*

History

01 Aug 2024, 13:45

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de carga de archivos en Ivanti ITSM anterior a 2023.4 permite a un usuario remoto autenticado realizar escrituras de archivos en el servidor. La explotación exitosa puede conducir a la ejecución de comandos en el contexto de un usuario no root.

01 Apr 2024, 15:31

Type Values Removed Values Added
First Time Ivanti
Ivanti neurons For Itsm
CWE CWE-434
References () https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM - () https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM - Vendor Advisory
CPE cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*

31 Mar 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-31 02:15

Updated : 2024-08-01 13:45


NVD link : CVE-2023-46808

Mitre link : CVE-2023-46808

CVE.ORG link : CVE-2023-46808


JSON object : View

Products Affected

ivanti

  • neurons_for_itsm
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type